RTH - Requirements and Testing Hub

Tracker: Bugs

9 [Exploit] download.php - ID: 1896983

Last Update: Comment added ( peter_thal )

Details:

Hello,

while fixing the rth-fork TRUC, I noticed that RTH has also the same
exploit available.

Appearently you can do teh following:
/download.php?upload_filename=config_inc.php
and receive the whole config-file with passwords!

See that file:
http://rth.cvs.sourceforge.net/rth/rth/download.php?revision=1.2&view=marku
p

Kind regards,
Jan (DracoBlue)

Submitted:

Jan Schütze ( dracoblue ) - 2008-02-19 15:02

Priority:

Status:

Closed

Resolution:

None

Assigned:

Peter T.

Category:

None

Group:

None

Visibility:

Public

Comments ( 5 )

Date: 2008-07-10 08:36 Sender: peter_thal fixed security leak in download.php thanks to DracoBlue for that link
Date: 2008-07-10 08:01 Sender: dracoblue > Thanks a lot - we will use your fix for the next release? Go for it, it's GPL :). Kind regards, Jan (DracoBlue)
Date: 2008-06-06 08:02 Sender: sca_gs Thanks a lot - we will use your fix for the next release?
Date: 2008-02-23 00:36 Sender: andorin Thanks for the heads up on this. I didnt know TRUC was an RTH-fork? Glad to see reuse though!!
Date: 2008-02-19 16:11 Sender: dracoblue You may find a fixed download.php here: http://truc.svn.sourceforge.net/viewvc/truc/trunk/truc/download.php?view=markup Kind regards, Jan (DracoBlue)

Log in to comment.

Attached File

Changes ( 5 )

Field	Old Value	Date	By
status_id	Open	2008-07-10 08:36	peter_thal
close_date	-	2008-07-10 08:36	peter_thal
assigned_to	cryobean	2008-07-10 07:18	sca_gs
priority	5	2008-06-06 08:02	sca_gs
assigned_to	nobody	2008-06-06 07:25	sca_gs

RTH - Requirements and Testing Hub

Tracker: Bugs

Comments ( 5 )

Log in to comment.

Attached File

No Files Currently Attached

Changes ( 5 )

About SourceForge

Find Software

Develop Software

Community

Help