Commit 43da1a7b authored by Dominika Liberda's avatar Dominika Liberda 💽

+ some HTML output sanitization; fixes XSS in listing

parent a3eca121
......@@ -24,7 +24,7 @@ function register() {
function login() {
local username=$(echo -ne $(echo "$1" | sed -E 's/%/\\x/g'))
IFS=':'
local user=($(grep "$username:" secret/users.dat))
local user=($(grep -P "$username:" secret/users.dat))
unset IFS
if [[ $(echo -n $2${user[2]} | sha256sum | cut -c 1-64 ) == ${user[1]} ]]; then
set_cookie_permanent "sh_session" ${user[3]}
......
......@@ -36,3 +36,9 @@ function post_dump() {
echo "${i}=${post_data[$i]}"
done
}
# html_encode(string)
function html_encode() {
#echo -n "$1" | xxd -ps | sed -E 's/.{2}/\&#x&;/g'
echo -n "$1" | sed 's/</\&#60;/g;s/>/\&#62;/g;s/%/\&#37;/g;s/\//\&#47;/g;s/\\/\&#92;/g;s/'"'"'/\&#39;/g;s/"/\&#34;/g;s/`/\&#96;/g;s/?/\&#63;/g'
}
......@@ -3,10 +3,10 @@ ${cfg[extra_headers]}\r\n\r\n"
source templates/head.sh
printf "<h1>Index of $([[ ${r[url]} == '' ]] && echo '/' || echo ${r[url]})</h1>"
printf "<h1>Index of $([[ ${r[url]} == '' ]] && echo '/' || echo $(html_encode ${r[url]}))</h1>"
if [[ ${cookies[username]} != '' ]]; then
echo "Logged in as ${cookies[username]}"
echo "Logged in as $(html_encode ${cookies[username]})"
fi
printf "<table>
......@@ -23,11 +23,11 @@ IFS=$'\n'
for i in $(ls ${r[uri]}); do
unset IFS
stats=($(ls -hld "${r[uri]}/$i")) # -hld stands for Half-Life Dedicated
if [[ -d ${r[uri]}'/'$i ]]; then
printf "<tr><td><a href='$(echo -ne ${r[url]})/$i/'>$i</a></td><td>&lt;DIR&gt;</td><td>${stats[5]} ${stats[6]} ${stats[7]}</td></tr>"
if [[ -d "${r[uri]}"'/'"$i" ]]; then
printf "<tr><td><a href='$(html_encode "${r[url]}/$i/")'>$(html_encode "$i")</a></td><td>&lt;DIR&gt;</td><td>${stats[5]} ${stats[6]} ${stats[7]}</td></tr>"
else
printf "<tr><td><a href='$(echo -ne ${r[url]})/$i'>$i</a></td><td>${stats[4]}B</td><td>${stats[5]} ${stats[6]} ${stats[7]}</td></tr>"
printf "<tr><td><a href='$(html_encode "${r[url]}/$i")'>$(html_encode "$i")</a></td><td>${stats[4]}B</td><td>${stats[5]} ${stats[6]} ${stats[7]}</td></tr>"
fi
done
printf "</table><p><i>HTTP.sh server on ${r[host]}</i></p><p>laura is cute</p>"
printf "</table><p><i>HTTP.sh server on $(html_encode ${r[host]})</i></p><p>laura is cute</p>"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment