infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Target path normalization fixed

master
Sonny Gonzalez 2019-04-15 16:35:15 -05:00
parent 04dcd8a1f9
commit cf7096f8ba
No known key found for this signature in database
GPG Key ID: CB9B0D55493F72DA
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/msf/core/db_manager/import/metasploit_framework/zip.rb
View File

@ -195,7 +195,7 @@ module Msf::DBManager::Import::MetasploitFramework::Zip
data.entries.each do |e| data.entries.each do |e|
# normalize entry name to an absolute path # normalize entry name to an absolute path
target = File.expand_path(@import_filedata[:zip_tmp] + e.name, '/').to_s target = File.expand_path(File.join(@import_filedata[:zip_tmp], e.name), '/').to_s
# skip if the target would be extracted outside of the zip # skip if the target would be extracted outside of the zip
# tmp dir to mitigate any directory traversal attacks # tmp dir to mitigate any directory traversal attacks