Hamza Avvan added the comment:
Requested review for the unit test a few days ago. Please check.
https://github.com/python/cpython/pull/24848
--
___
Python tracker
<https://bugs.python.org/issue43
Change by Hamza Avvan :
--
hgrepos: +404
___
Python tracker
<https://bugs.python.org/issue43223>
Change by Hamza Avvan :
--
keywords: +patch
pull_requests: +23609
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/24848
Hamza AVvan added the comment:
As for the directory issue, not only .ssh but an attacker can use any directory
to make the open redirection exploitable.
And as for the HTTP Header Location, the server does not remove the extra trailing
slash from the PAYLOAD URI, which seems to be the cause of
Change by Hamza AVvan :
--
title: Open Redirection In Python 3.7 & 3.8 -> [SECURITY] Open Redirection In
Python 3.7 & 3.8
New submission from Hamza AVvan :
The provided versions of Python distros 3.8.7 and 3.7.4 are vulnerable to open
redirection while traversing to an existing directory.
# PAYLOAD
http://127.0.0.1:8000//attacker.com/..%2f..%2f..%2f..%2f..%2f../%0a%0d/../.ssh
In this case, the actual path of