Re: [WebDNA] path traversal

This WebDNA talk-list message is from 2020. It keeps the original formatting.
numero = 115083
As far as I know the old (but awesome) e-commerce system is no longer supported.
Every commerce context for that old e-commerce system (orderfile, addlitems, etc) had path parameter options... (so, for example ‘file=^’).

‘^’ symbol is the path to the globals directory. (Which is also, I believe, said to be unsupported)

I’d suggest finding a new solution.. but if you are sticking with ancient technology, find a copy of the older docs.

Good luck

D. Brooke
Mobile

> On Apr 14, 2020, at 2:55 AM, talk@webdna.us wrote:
>
> A security friend told me about “path traversal”
> https://portswigger.net/web-security/file-path-traversal
>
> and told me that the idea that the “ShoppingCarts” folder is located usually under a website folder is not a good practice.
> How do I move the creation of files from the directory under the website folder to be under the Globals so it’ll be protected from such kind of attack ?
>
> I made such directory elsewhere but didn’t know how to make WebDNA use it ?
>
> I use CentOS 7 and
>
> Yours,
>
> Yariv
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list talk@webdna.us
> To unsubscribe, E-mail to: talk-leave@webdna.us
> archives: http://www.webdna.us/page.dna?numero=55
> Bug Reporting: support@webdna.us

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] path traversal (Donovan Brooke 2020)
  2. Re: [WebDNA] path traversal (Office 2020)
  3. Re: [WebDNA] path traversal (Office 2020)
  4. Re: [WebDNA] path traversal (Stuart Tremain 2020)
  5. Re: [WebDNA] path traversal (Stuart Tremain 2020)
  6. Re: [WebDNA] path traversal (Donovan Brooke 2020)
  7. [WebDNA] path traversal (Yariv Nachshon 2020)
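The two checks behind the advice discussed in this thread, as an added example that is not part of the original messages and is not WebDNA code: whether a cart folder resolves to a location under the web root, and whether a cart file name stays inside the cart folder. It assumes cart files are named after a cart identifier that arrives with the request; the directory layout and all function names are constructed for illustration.

```python
import os
import tempfile


def is_inside(base, candidate):
    """True if candidate resolves ('..' and symlinks included) to base or below it."""
    base = os.path.realpath(base)
    candidate = os.path.realpath(candidate)
    return os.path.commonpath([base, candidate]) == base


def carts_dir_exposed(web_root, carts_dir):
    """True if the cart folder sits under the web root, where the server may serve it."""
    return is_inside(web_root, carts_dir)


def cart_file(carts_dir, cart_id):
    """Map a cart identifier to a file path, refusing anything that leaves carts_dir."""
    base = os.path.realpath(carts_dir)
    # An absolute cart_id replaces base in join(); the containment test catches that too.
    path = os.path.realpath(os.path.join(base, cart_id))
    if path == base or not is_inside(base, path):
        raise ValueError("cart id escapes the cart folder: %r" % (cart_id,))
    return path


def demo():
    """Run both checks on a constructed layout (hypothetical directory names)."""
    with tempfile.TemporaryDirectory() as root:
        web_root = os.path.join(root, "www", "site")
        old_carts = os.path.join(web_root, "ShoppingCarts")         # under the web root
        new_carts = os.path.join(root, "private", "ShoppingCarts")  # outside the web root
        for d in (old_carts, new_carts):
            os.makedirs(d)
        results = {
            "old_exposed": carts_dir_exposed(web_root, old_carts),
            "new_exposed": carts_dir_exposed(web_root, new_carts),
            "good_id": os.path.basename(cart_file(new_carts, "A1B2C3")),
        }
        try:
            cart_file(new_carts, "../../www/site/index.html")
            results["traversal_blocked"] = False
        except ValueError:
            results["traversal_blocked"] = True
        return results


if __name__ == "__main__":
    print(demo())
```

Moving the folder out of the web root stops the server from serving cart files directly; the containment check is still needed wherever a request value becomes part of a file name.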
