Hanno Böck hannob

hannob / squirrelmail-fix-file-disclosure.diff
Created March 14, 2018 16:23
squirrelmail quick fix for file disclosure vuln presented at Troopers 2018 (#TR18)
--- squirrelmail.stable/squirrelmail/class/deliver/Deliver.class.php 2017-01-27 21:31:33.000000000 +0100
+++ htdocs/class/deliver/Deliver.class.php 2018-03-14 17:21:10.320000000 +0100
@@ -281,6 +281,7 @@
global $username, $attachment_dir;
$hashed_attachment_dir = getHashedDir($username, $attachment_dir);
$filename = $message->att_local_name;
+ if(!ctype_alnum($filename)) die();
// inspect attached file for lines longer than allowed by RFC,
// in which case we'll be using base64 encoding (so we can split
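Review bot: the added `if(!ctype_alnum($filename)) die();` fails closed but silently: `die()` with no argument exits with an empty body and writes nothing to the log, so a request carrying a non-alphanumeric `att_local_name` is indistinguishable from a server failure and leaves no trace of the attempt. Consider logging the rejected value (or at least the rejection) and emitting an explicit error before exiting. Two smaller points: `ctype_alnum()` returns false for an empty string, so an empty `att_local_name` is also rejected, which is the right outcome since `$filename` is about to be combined with `$hashed_attachment_dir`, but deserves a comment; and the check relies on the ctype extension being loaded, without which the call is a fatal error (again fail-closed, but worth noting for deployments).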
hannob / infineon-roca.md
Last active October 25, 2020 15:55
Affected Products and Keys by Infineon RSA vulnerability
hannob / wordpress-4.2-xss-emergency-fix.diff
Created April 27, 2015 14:52
Wordpress 4.2 XSS emergency fix
--- wordpress/wp-comments-post.php 2015-01-08 08:05:25.000000000 +0100
+++ htdocs/wp-comments-post.php 2015-04-27 16:50:24.250000000 +0200
@@ -12,6 +12,12 @@
exit;
}
+$psize=0;
+foreach($_POST as $p) {
+ $psize += strlen($p);
+}
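Review bot: `strlen($p)` in the new loop assumes every `$_POST` entry is a string, but PHP fills `$_POST` with arrays for fields named like `foo[]`, and `strlen()` on an array emits a warning and yields null on PHP 5/7 (undercounting the request) or throws a `TypeError` on PHP 8. Guard with `is_string($p)`, or walk nested values with `array_walk_recursive()` before summing. Note also that the hunk header announces six added lines but only the four shown (the `$psize` accumulation) are visible here, so the comparison of `$psize` against a limit and the action taken when it is exceeded are cut off; whoever applies this should confirm that the rejection happens before the comment data is processed any further.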