Skip to content

Instantly share code, notes, and snippets.

@hannob
hannob / squirrelmail-fix-file-disclosure.diff
Created Mar 14, 2018
squirrelmail quick fix for file disclosure vuln presented at Troopers 2018 (#TR18)
View squirrelmail-fix-file-disclosure.diff
--- squirrelmail.stable/squirrelmail/class/deliver/Deliver.class.php 2017-01-27 21:31:33.000000000 +0100
+++ htdocs/class/deliver/Deliver.class.php 2018-03-14 17:21:10.320000000 +0100
@@ -281,6 +281,7 @@
global $username, $attachment_dir;
$hashed_attachment_dir = getHashedDir($username, $attachment_dir);
$filename = $message->att_local_name;
+ if(!ctype_alnum($filename)) die();
// inspect attached file for lines longer than allowed by RFC,
// in which case we'll be using base64 encoding (so we can split
@hannob
hannob / infineon-roca.md
Last active Oct 25, 2020
Affected Products and Keys by Infineon RSA vulnerability
View infineon-roca.md
@hannob
hannob / wordpress-4.2-xss-emergency-fix.diff
Created Apr 27, 2015
Wordpress 4.2 XSS emergency fix
View wordpress-4.2-xss-emergency-fix.diff
--- wordpress/wp-comments-post.php 2015-01-08 08:05:25.000000000 +0100
+++ htdocs/wp-comments-post.php 2015-04-27 16:50:24.250000000 +0200
@@ -12,6 +12,12 @@
exit;
}
+$psize=0;
+foreach($_POST as $p) {
+ $psize += strlen($p);
+}
View keybase.md

Keybase proof

I hereby claim:

  • I am hannob on github.
  • I am hanno (https://keybase.io/hanno) on keybase.
  • I have a public key whose fingerprint is FE73 757F A60E 4E21 B937 579F A588 0072 BBB5 1E42

To claim this, I am signing this object: