Re: [WebDNA] path traversal

This WebDNA talk-list message is from 2020. It keeps the original formatting.
The path/folder name is specified in the prefs file. I have never tried but I guess you could put a ^ in front of ShoppingCarts and see what happens.

Regards

Stuart Tremain
Pharoah Lane Software
Suite 16, 20 Burlington Street
Crows Nest NSW 2065
AUSTRALIA
+612 8971 4431

> On 14 Apr 2020, at 5:56 pm, talk@webdna.us wrote:
>
> A security friend told me about "path traversal"
> https://portswigger.net/web-security/file-path-traversal
>
> and told me that the idea that the "ShoppingCarts" folder is located usually under a website folder is not a good practice.
> How do I move the creation of files from the directory under the website folder to be under the Globals so it'll be protected from such kind of attack?
>
> I made such directory elsewhere but didn't know how to make WebDNA use it?
>
> I use CentOS 7 and
>
> Yours,
>
> Yariv
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list talk@webdna.us
> To unsubscribe, E-mail to: talk-leave@webdna.us
> archives: http://www.webdna.us/page.dna?numero=55
> Bug Reporting: support@webdna.us

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] path traversal (Donovan Brooke 2020)
  2. Re: [WebDNA] path traversal (Office 2020)
  3. Re: [WebDNA] path traversal (Office 2020)
  4. Re: [WebDNA] path traversal (Stuart Tremain 2020)
  5. Re: [WebDNA] path traversal (Stuart Tremain 2020)
  6. Re: [WebDNA] path traversal (Donovan Brooke 2020)
  7. [WebDNA] path traversal (Yariv Nachshon 2020)
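
The concern raised in this thread is a data folder such as ShoppingCarts sitting under the website folder. The following is an added example, not part of the original messages and not WebDNA code: a shell check, usable on CentOS 7, that a data directory resolves outside the document root and that no symlink left inside the document root leads back to it. It goes slightly beyond the thread by covering the symlink case; the two paths are supplied by the caller and are assumptions, and the script does not read or change WebDNA's prefs file.

```sh
#!/bin/sh
# Added example (not from the thread). Both paths are supplied by the caller;
# the path names used in comments are hypothetical.

# is_inside ROOT PATH: status 0 if PATH resolves (symlinks followed) to ROOT
# or to something beneath it, 1 if not, 2 if either cannot be resolved.
is_inside() {
    local root target
    root=$(readlink -f -- "$1") || return 2
    target=$(readlink -f -- "$2") || return 2
    # Compare with a trailing slash so /srv/site2 is not taken for /srv/site.
    case "$target/" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# links_into DOCROOT DATA: print each symlink under DOCROOT that resolves
# into DATA. (File names containing newlines are not handled.)
links_into() {
    local link
    find "$1" -type l 2>/dev/null | while IFS= read -r link; do
        if is_inside "$2" "$link"; then printf '%s\n' "$link"; fi
    done
}

# audit_data_dir DOCROOT DATA: status 0 only when DATA is outside DOCROOT
# and no symlink inside DOCROOT leads back to it.
audit_data_dir() {
    local exposed
    [ -d "$1" ] && [ -d "$2" ] || { echo "ERROR: both arguments must be directories"; return 2; }
    if is_inside "$1" "$2"; then
        echo "FAIL: $2 is under the document root $1"
        return 1
    fi
    exposed=$(links_into "$1" "$2")
    if [ -n "$exposed" ]; then
        echo "FAIL: symlink(s) under $1 lead to $2:"
        echo "$exposed"
        return 1
    fi
    echo "OK: $2 is outside $1"
}

# Usage: sh check.sh /path/to/docroot /path/to/ShoppingCarts
if [ "$#" -eq 2 ]; then audit_data_dir "$1" "$2"; fi
```
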
