[issue32993] urllib and webbrowser.open() can open w/ file: protocol

2018-03-10 Thread yao zhihua
yao zhihua <hackyzh...@gmail.com> added the comment: Here about webbrowser vulnerability. https://bugs.python.org/issue32367 You could execute command with file protocols in python 2.7.10. poc:
import webbrowser, os
filename = "/bin/ls"
webbrowser.open(os.path.realpath(filen

[issue32993] urllib and webbrowser.open() can open w/ file: protocol

2018-03-10 Thread yao zhihua
yao zhihua <hackyzh...@gmail.com> added the comment: Borrow what others have said from Issue11662. The Python urllib and urllib2 modules are typically used to fetch web pages but by default also contain handlers for ftp:// and file:// URL schemes. Now unfortu

[issue32993] issue11662 Incomplete fix

2018-03-04 Thread yao zhihua
yao zhihua <hackyzh...@gmail.com> added the comment: I tried again, webbrowser module can only open file:///etc/passwd.

[issue32993] issue11662 Incomplete fix

2018-03-04 Thread yao zhihua
yao zhihua <hackyzh...@gmail.com> added the comment: I also found a function without filtering file protocol. poc:
import webbrowser
webbrowser.open('file:///etc/passwd')

[issue32993] issue11662 Incomplete fix

2018-03-04 Thread yao zhihua
Change by yao zhihua <hackyzh...@gmail.com>: title: issue30657 Incomplete fix -> issue11662 Incomplete fix

[issue32993] issue30657 Incomplete fix

2018-03-04 Thread yao zhihua
yao zhihua <hackyzh...@gmail.com> added the comment: Okay, my fault. I made the wrong issue. The issue is issue11662. Urlopen function can use the file protocol, when an attacker inputs file:///etc/passwd, it can leak the contents of the passw

[issue32993] issue30657 Incomplete fix

2018-03-04 Thread yao zhihua
New submission from yao zhihua <hackyzh...@gmail.com>: Due to the incomplete fix for CVE-2011-1521, urllib and urllib2 exist for this vulnerability and I tested on the version of Python 3.4.8 (default, Mar 4 2018, 20:37:04). I am sorry that I do not know how to fix it. -- comp