various minor updates

2025-04-16 05:31:27 -07:00
parent 903d7270e7
commit c327df8aa3
8 changed files with 29 additions and 31 deletions

@ -5,7 +5,7 @@
(section ()
(p () "
prior to natalie rewriting the backend of its website, there was a bug that would allow a bash command in a comment inside $[echo \\$\\[]] and not containing < or &rt; to be executed upon querrying the url /html/%2e%2e/files/posts-to-homepage/{post file}.
this was due to any url beginning with '/html/' being unconditionally put through parse_file(), which generates static content from the embedded bash in the html (see <a href='/html/site-info.html'></a>).
this was due to any url beginning with '/html/' being unconditionally put through parse_file(), which generates static content from the embedded bash in the html (see <a href='/html/stats.html'>stats.html</a>).
in addition to this, the source code of the server could be attained via a similar method, requesting the path of the file, but with /files/ or /html/ in front of it, followed by %2e%2e.")
(p () "
ada was able to exploit this by first getting the source code of the webserver via the second method discussed above, examining it, and deducing the first vulnerability mentioned above.
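Review bot: In the unchanged first line of this paragraph, just above the corrected link, "&rt;" is not a defined HTML entity, so a browser will render it literally rather than as the intended ">"; it should be "&gt;", and since the "<" next to it is left raw, writing the pair as "&lt;" and "&gt;" would be consistent. As this commit already touches the paragraph, the same pass could fix "querrying" (querying) and "attained" (obtained) in the context lines. On the changed line itself, the new anchor now has visible text where the old one was empty, which is an improvement; please confirm that stats.html is the page that documents the embedded-bash parsing, since the hunk only shows the href changing from site-info.html.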