HTML injection possible when viewing files
Brought to you by:
vival
fixed.
now, View.php checks if the desired file contains one of
the Root paths.
if yes, all is ok, but if no - then it gives a security violation
and exits.
also added function IntrusionNotifyExt that can accept
an extended description and print it within an alert box.
Logged In: YES
user_id=1138713
updated:
now, View.php checks that root is at the beginning of the
filename. also it checks that filename does not contain ../
and /.. - so it should prevent access beyond desired root.
(like /home/kuba/../../etc/passwd - it won't work now).
editing and saving files is still vulnerable. will fix....
Logged In: YES
user_id=1138713
fixed those four if statements.
previous version was invulnerable to injection like
/home/kuba/../../etc/passwd but vulnerable to simple
/etc/passwd ;-). now both cases are detected.
fixed again
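
The root check the comments above describe (root at the beginning of the filename, no `../` escape), as an added example that is not part of the ticket or the project's own code. The function names, the sample root and the sample paths are assumptions constructed for illustration; the example goes one step beyond the comments by also requiring a path separator after the root, so that a sibling directory sharing the root's prefix is rejected.

```php
<?php
// Added example; normalizePath() and isInsideRoot() are hypothetical names.

// Collapse ".", ".." and repeated slashes lexically (no filesystem access).
function normalizePath(string $path): ?string
{
    if ($path === '' || $path[0] !== '/' || strpos($path, "\0") !== false) {
        return null;                    // absolute paths only, no NUL bytes
    }
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            if (array_pop($out) === null) {
                return null;            // attempt to climb above "/"
            }
            continue;
        }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

// True only if $file, after normalisation, is a root itself or lies below one.
function isInsideRoot(string $file, array $roots): bool
{
    $norm = normalizePath($file);
    if ($norm === null) {
        return false;
    }
    foreach ($roots as $root) {
        $root = rtrim(normalizePath($root) ?? '', '/');
        if ($root === '') {
            continue;                   // "/" or an invalid root is never accepted
        }
        // Compare against "$root/" so "/home/kubaevil" does not match "/home/kuba".
        if ($norm === $root || strncmp($norm, $root . '/', strlen($root) + 1) === 0) {
            return true;
        }
    }
    return false;
}

$roots = ['/home/kuba'];                // constructed sample root
foreach (['/home/kuba/notes.txt', '/home/kuba/../../etc/passwd', '/etc/passwd',
          '/home/kubaevil/x', '/home/kuba/a/../b.txt'] as $p) {   // constructed inputs
    printf("%-30s %s\n", $p, isInsideRoot($p, $roots) ? 'allowed' : 'security violation');
}
```

The check is purely lexical, so a symbolic link inside the root can still point outside it; resolving the path with `realpath()` before the comparison closes that gap for files that already exist.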