spacer.gif, 0 kB
URD logo   April 20, 2018, 12:33:03

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

Pages: [1]
Author Topic: Big security issue  (Read 2989 times)

Posts: 1

View Profile
« on: February 25, 2012, 12:49:11 »

Hi there

I found a big security issue allowing a user to browse the full server root through the dowload file browser.

How to reproduce :
Create a basic user, log in with it.
Then, log out and log in as admin, edit this user and change his username.
Log in with the new username and browse file => you'll be set to the "/" of the server !!

URD version reported : 1.2.0
Server : GNU/Linux Debian Squeeze amd64
Posts: 1184

View Profile WWW
« Reply #1 on: February 25, 2012, 16:22:02 »

Thanx for reporting this. I'll have a look at it and see if I can fix it.
Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines
Amigri by Fakdordes
spacer.gif, 0 kB
spacer.gif, 0 kB
spacer.gif, 0 kB