yao zhihua added the comment:
Here about webbrowser vulnerability.
https://bugs.python.org/issue32367
You could execute command with file protocols in python 2.7.10.
poc :
import webbrowser, os
filename = "/bin/ls"
webbrowser.open(os.path.realpath(filename))
If python has
yao zhihua added the comment:
Borrow what others have said from Issue11662.
The Python urllib and urllib2 modules are typically used to fetch web
pages but by default also contains handlers for ftp:// and file:// URL
schemes.
Now unfortunately it appears that it is
yao zhihua added the comment:
I tried again, webbrowser module can only open file:///etc/passwd.
--
___
Python tracker
<https://bugs.python.org/issue32
yao zhihua added the comment:
I also found a function without filtering file protocol.
poc:
import webbrowser
webbrowser.open('file:///etc/passwd')
--
___
Python tracker
<https://bugs.python.o
Change by yao zhihua :
--
title: issue30657 Incomplete fix -> issue11662 Incomplete fix
___
Python tracker
<https://bugs.python.org/issue32993>
___
___
Python-
yao zhihua added the comment:
Okay my falut.I made the wrong issue.The issue is issue11662.Urlopen function
can use the file protocol, when an attacker input file:///etc/passwd, it can
leak the contents of the passwd file.
--
___
Python tracker
New submission from yao zhihua :
Due to the incomplete fix for CVE-2011-1521, urllib and urllib2 exist for this
vulnerability and I tested on the version of Python 3.4.8 (default, Mar 4 2018,
20:37:04).I am sorry that I do not know how to fix it.
--
components: Library (Lib)
files
