Re: [WebDNA] path traversal

This WebDNA talk-list message is from 2020. It keeps the original formatting.
numero = 115085
You can always use [orderfile file=^secretfolder/[cart]]

Regards

Stuart Tremain
Pharoah Lane Software
Suite 16, 20 Burlington Street
Crows Nest NSW 2065
AUSTRALIA
+612 8971 4431

> On 14 Apr 2020, at 5:56 pm, talk@webdna.us wrote:
>
> A security friend told me about "path traversal"
> https://portswigger.net/web-security/file-path-traversal
>
> and told me that the idea that the “ShoppingCarts” folder is located usually under a website folder is not a good practice.
> How do I move the creation of files from the directory under the website folder to be under the Globals so it’ll be protected from such kind of attack?
>
> I made such directory elsewhere but didn’t know how to make WebDNA use it?
>
> I use CentOS 7 and
>
> Yours,
>
> Yariv

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] path traversal (Donovan Brooke 2020)
  2. Re: [WebDNA] path traversal (Office 2020)
  3. Re: [WebDNA] path traversal (Office 2020)
  4. Re: [WebDNA] path traversal (Stuart Tremain 2020)
  5. Re: [WebDNA] path traversal (Stuart Tremain 2020)
  6. Re: [WebDNA] path traversal (Donovan Brooke 2020)
  7. [WebDNA] path traversal (Yariv Nachshon 2020)
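
The reply above points [orderfile] at a separate folder, with the [cart] value supplying the file name, so the remaining question is whether that value can climb out of the folder. The sketch below is an added example in Python, not WebDNA code and not from the original thread; the alphanumeric cart-ID format, the function names and the sample inputs are assumptions.

```python
import os
import re
import tempfile

# Assumption: cart identifiers are short alphanumeric tokens. Adjust the
# pattern to the real ID format; it must keep excluding "/", "\" and ".".
CART_ID_RE = re.compile(r"[A-Za-z0-9]{1,64}")


def cart_file_path(storage_root: str, cart_id: str) -> str:
    """Return the order-file path for cart_id, guaranteed inside storage_root.

    Raises ValueError for IDs that fail the allowlist or resolve outside it.
    """
    if not isinstance(cart_id, str) or not CART_ID_RE.fullmatch(cart_id):
        raise ValueError("cart id fails allowlist")
    root = os.path.realpath(storage_root)
    candidate = os.path.realpath(os.path.join(root, cart_id))
    # Second layer: if the allowlist is loosened later, or a symlink sits in
    # the folder, the fully resolved path must still be under the root.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("resolved path escapes storage root")
    return candidate


def check_inputs(storage_root: str, cart_ids):
    """Map each input to 'ok' or to the reason it was rejected."""
    results = {}
    for cid in cart_ids:
        try:
            cart_file_path(storage_root, cid)
            results[cid] = "ok"
        except ValueError as exc:
            results[cid] = str(exc)
    return results


# Constructed sample inputs: one well-formed ID and several malformed ones.
SAMPLES = ["A1B2C3D4", "../../etc/passwd", "..%2f..%2fetc%2fpasswd",
           "/etc/passwd", "cart\x00.txt", ""]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for cid, verdict in check_inputs(root, SAMPLES).items():
            print(repr(cid), "->", verdict)
```

Moving the folder out of the web root stops the files from being fetched directly by URL; the allowlist and the resolved-path check cover the separate case where the cart value itself carries path components.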
