May 22, 2013, 15:01:06
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Home
Help
Search
Login
Register
URD Forum
>
General Category
>
Technical Problems
>
Big security issue
Pages: [
1
]
« previous
next »
Print
Author
Topic: Big security issue (Read 474 times)
olafkewl
Posts: 1
Big security issue
«
on:
February 25, 2012, 12:49:11 »
Hi there
I found a big security issue allowing a user to browse the full server root through the dowload file browser.
How to reproduce :
Create a basic user, log in with it.
Then, log out and log in as admin, edit this user and change his username.
Log in with the new username and browse file => you'll be set to the "/" of the server !!
URD version reported : 1.2.0
Server : GNU/Linux Debian Squeeze amd64
Logged
spearhead
Administrator
Posts: 1038
Re: Big security issue
«
Reply #1 on:
February 25, 2012, 16:22:02 »
Thanx for reporting this. I'll have a look at it and see if I can fix it.
Logged
Pages: [
1
]
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
General Category
-----------------------------
=> General Discussion
=> Recruitment
=> Technical Problems
=> Features
Loading...
