Menu

#3 access to complete filesystem

v1.4
open
code (3)
5
2008-03-26
2006-08-16
Julian Ladisch
No

In OSADS-1.4 using
http://localhost/OSADS-1.4/?menu=2&langfile=/etc/passwd
at the end of the URL allows to view any file of
the filesystem of the webserver. Simply put the
desired filename at the place of /etc/passwd.

This is a security problem.

Discussion

  • Julian Ladisch

    Julian Ladisch - 2006-08-16
    • assigned_to: nobody --> sebwan
     

  • tosch_de

    tosch_de - 2006-08-19

    Logged In: YES
    user_id=1578685

    A possible solution is described here:
    http://osads.sourceforge.net/viewtopic.php?t=80

     

  • Yggdrasil

    Yggdrasil - 2008-03-26
    • milestone: --> v1.4
     

Log in to post a comment.

MongoDB Logo MongoDB