blark/aiodnsbrute

directory traversal Bug

Closed this issue · 1 comments

●When reading a dictionary file with os.path.dirname(os.path.realpath(__file__)), it is possible to read arbitrary directories.

●You can resolve by specifying the base directory. (Example using startswith)

os.path.realpath("/../../../../../..//etc/passwd").startswith("/root/pen/aiodnsbrute/aiodnsbrute")
False

●PoC
python3 cli.py -w /../../../../../etc/passwd -vv -t 1024 example.com
[*] Brute forcing example.com with a maximum of 1024 concurrent tasks...
[*] Wordlist loaded, brute forcing 54 DNS records
[*] Using recursive DNS with the following servers: ['192.168.31.2']
[-] Debian-gdm:x:131:139:Gnome Display Manager:/var/lib/gdm3:/bin/false.example.com generated an unexpected exception: encoding with 'idna' codec failed (UnicodeError: label empty or too long)
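Added example (not code from the report or from aiodnsbrute): the base-directory check proposed above, written both as the plain startswith() test and as a containment check built on os.path.commonpath, which also rejects a sibling directory that merely shares the prefix. The base directory /opt/aiodnsbrute/wordlists is an assumption.

```python
import os

# Assumed base directory for wordlists (hypothetical, not the project's layout).
BASE_DIR = os.path.realpath("/opt/aiodnsbrute/wordlists")


def startswith_check(path: str, base: str = BASE_DIR) -> bool:
    """The check as suggested in the report: resolve, then compare the prefix.

    This stops "/../../etc/passwd" (it resolves to "/etc/passwd"), but a string
    prefix also accepts ".../wordlists2/x", which is outside the base directory.
    """
    return os.path.realpath(path).startswith(base)


def is_within_base(path: str, base: str = BASE_DIR) -> bool:
    """Return True only if the resolved path is base itself or lies below it.

    os.path.commonpath compares whole path components, so a sibling directory
    with the same prefix is not accepted. realpath also follows symlinks, so a
    link inside base that points elsewhere is rejected as well.
    """
    real = os.path.realpath(path)
    try:
        return os.path.commonpath([base, real]) == base
    except ValueError:
        # Raised when the paths cannot share a root (e.g. different drives).
        return False


def resolve_wordlist(path: str, base: str = BASE_DIR) -> str:
    """Resolve a user-supplied wordlist name and refuse anything outside base."""
    candidate = path if os.path.isabs(path) else os.path.join(base, path)
    if not is_within_base(candidate, base):
        raise ValueError(f"wordlist path escapes base directory: {path!r}")
    return os.path.realpath(candidate)


if __name__ == "__main__":
    # The traversal string from the report resolves to /etc/passwd and fails both checks.
    print(is_within_base("/../../../../../..//etc/passwd"))  # False
    # A sibling directory sharing the prefix passes the string check but not the containment check.
    print(startswith_check("/opt/aiodnsbrute/wordlists2/x.txt"))  # True
    print(is_within_base("/opt/aiodnsbrute/wordlists2/x.txt"))  # False
```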

blark commented

so... you can read a file you have access to already?