Context Navigation

← Previous Ticket
Next Ticket →

Modify ↓

Ticket #13848 (assigned defect)

Last modified 15 months ago

Can view the contents of any file on the server

Reported by:	anonymous	Owned by:
Priority:	critical	Component:	General
Version:	5.2	Keywords:
Cc:		Time planned:	1d
Time remaining:	1d	Time spent:	1d

Description

Using a specially crafted URL a user can view the contents of any file on the server, not just those in the webroot.

Naturally, I do not want to submit the URL here as that would be bad. Please contact me via email via savacms at damaged dash cyco dot com and I'll provide you with the information.

Thanks, Kevin

Attachments

Change History

comment:1 Changed 17 months ago by blueriver

Status changed from new to assigned

Real

comment:2 Changed 15 months ago by mattlevine

Owner blueriver deleted
Component changed from v5 to General

View ↑

Add a comment

You may use WikiFormatting here.

Modify Ticket

Action

leave as assigned

Author

Your email or username:

E-mail address and user name can be saved in the Preferences.

Attachments ↑

Note: See TracTickets for help on using tickets.

Download in other formats: