Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix ronin-web server to display the raw request path #98

Open
postmodern opened this issue Nov 26, 2024 · 1 comment
Open

Fix ronin-web server to display the raw request path #98

postmodern opened this issue Nov 26, 2024 · 1 comment
Labels
bug Bug Report command help-wanted Extra attention is needed server

Comments

@postmodern
Copy link
Member

postmodern commented Nov 26, 2024
edited
Loading

The ronin-web server command currently displays the normalized request path, not the raw request path.

$ curl --path-as-is 'http://localhost:8000/../../../foo'

$ ronin-web server
* Listening on http://0.0.0.0:8000
Use Ctrl-C to stop
GET /foo
Host: localhost:8000
User-Agent: curl/8.6.0
Accept: */*
Version: HTTP/1.1


$ nc -l -p 8000
GET /../../../foo HTTP/1.1
Host: localhost:8000
User-Agent: curl/8.6.0
Accept: */*

This appears to be due to Rack normalizing the path at some point. We need to change the printing logic in Ronin::Web::CLI::Commands::Server#run to display the raw request path without any normalization.
@postmodern postmodern added bug Bug Report command server help-wanted Extra attention is needed labels Nov 26, 2024
@postmodern
Copy link
Member Author

Appears that REQUEST_PATH has the raw path. Although, WEBrick appears to reject requests with path traversals in them instead of normalizing them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Bug Report command help-wanted Extra attention is needed server
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@postmodern