spacer.gif, 0 kB
URD logo   October 26, 2014, 07:05:44

 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length


Pages: [1]
  Print  
Author Topic: Big security issue  (Read 999 times)
olafkewl

Posts: 1


View Profile
« on: February 25, 2012, 12:49:11 »

Hi there

I found a big security issue allowing a user to browse the full server root through the dowload file browser.

How to reproduce :
Create a basic user, log in with it.
Then, log out and log in as admin, edit this user and change his username.
Log in with the new username and browse file => you'll be set to the "/" of the server !!

URD version reported : 1.2.0
Server : GNU/Linux Debian Squeeze amd64
Logged
spearhead
Administrator
*
Posts: 1145


View Profile WWW
« Reply #1 on: February 25, 2012, 16:22:02 »

Thanx for reporting this. I'll have a look at it and see if I can fix it.
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Amigri by Fakdordes
spacer.gif, 0 kB
spacer.gif, 0 kB
spacer.gif, 0 kB