Merge branch 'master' of https://git.lolcat.ca/lolcat/4get

path traversal exploit (this is what you get for using free software)
2025-03-02 21:58:34 -05:00 · 2025-03-02 21:58:18 -05:00
1 changed files with 6 additions and 1 deletions
--- a/favicon.php
+++ b/favicon.php
@ -15,7 +15,12 @@ class favicon{
 		
 		header("Content-Type: image/png");
 		
-		if(substr_count($url, "/") !== 2){
+		if(
+			preg_match(
+				'/^https?:\/\/[A-Za-z0-9.-]+$/',
+				$url
+			) === 0
+		){
 			
 			header("X-Error: Only provide the protocol and domain");
 			$this->defaulticon();
Author	SHA1	Message	Date
lolcat	c9c8d578f3	Merge branch 'master' of https://git.lolcat.ca/lolcat/4get	2025-03-02 21:58:34 -05:00
lolcat	b2203804c7	path traversal exploit (this is what you get for using free software)	2025-03-02 21:58:18 -05:00