[phpwscontacts] [ phpwscontacts-Bugs-940306 ] Vulnerability detected!
Brought to you by: rizzo, wendall911
From: SourceForge.net <no...@so...> - 2004-04-22 20:28:35
Bugs item #940306, was opened at 2004-04-22 22:28
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=570207&aid=940306&group_id=83662

Category: Interface
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Paul (lostboyscout)
Assigned to: Nobody/Anonymous (nobody)
Summary: Vulnerability detected!

Initial Comment:
There's a serious flaw in the security of the phpcontacts (v0.7.1 and maybe higher!) module: you can directly link to the CSV file of all contacts without logging in!

I accidentally searched Google with "cgk-bol.nl" (my domain) and found out that one of the first links in Google linked to the downloadable phpwscontacts CSV file! (URL: http://www.phpwebsitemanual.com/index.php?module=phpwscontacts&CONTACTS_MAN_OP=exportcsv ) It also happened while visiting other phpws-sites.

I tested my own site myself (v0.9.3-1) and I got (luckily!) an error. Maybe because I used phpwscontacts v0.7.1 in combination with the pagemasterhack or other modules.

Paul
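For administrators who want to know whether the export URL described in this report has already been fetched from their own site, here is an added example (not part of the original report and not phpwscontacts code). It assumes access logs in Apache combined format; the IP addresses and log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/NCSA "combined" log format (assumption; adjust for your server).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<agent>[^"]*)"'
)
CRAWLER_RE = re.compile(r"bot|crawl|spider|slurp", re.IGNORECASE)

def is_csv_export(target):
    """True if the request selects the phpwscontacts CSV export operation.

    parse_qs decodes percent-encoding and ignores parameter order, so
    variants that a plain substring search would miss are still matched.
    """
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return ("phpwscontacts" in query.get("module", [])
            and "exportcsv" in query.get("CONTACTS_MAN_OP", []))

def find_export_hits(lines):
    """Return successful (2xx) requests for the CSV export, one dict each."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_csv_export(m["target"]):
            continue
        if not 200 <= int(m["status"]) < 300:
            continue  # denied or failed requests did not serve the export
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "bytes": 0 if m["size"] == "-" else int(m["size"]),
            "crawler": bool(CRAWLER_RE.search(m["agent"])),
        })
    return hits

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Apr/2004:20:01:11 +0200] "GET /index.php?module=phpwscontacts&CONTACTS_MAN_OP=exportcsv HTTP/1.1" 200 18234 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"',
    '198.51.100.7 - - [22/Apr/2004:20:05:40 +0200] "GET /index.php?CONTACTS_MAN_OP=exportcsv&module=phpwscontact%73 HTTP/1.0" 200 18234 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [22/Apr/2004:20:06:02 +0200] "GET /index.php?module=phpwscontacts&CONTACTS_MAN_OP=view HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [22/Apr/2004:20:09:17 +0200] "GET /index.php?module=phpwscontacts&CONTACTS_MAN_OP=exportcsv HTTP/1.1" 403 310 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in find_export_hits(SAMPLE_LOG):
        print(hit)
```

A 2xx status alone does not prove the CSV was served, since an error page can also return 200; compare the logged byte count with the size of a real export before treating a hit as disclosure.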