#16 security vulnerability

[Ismail El Helw]

you have a vulnerability in the file install.php. After you do an installation and set up your first admin account, any other person can create an admin account and take over.

look at the following html file:
--BEGIN HTML--
<html>
<body>
<form method="post" action="http://yourhost/torrentvolve/install.php">
<input name="UserName" value="your_new_user_name" />
</form>
</body>
</html>
--END HTML--

if you submit this form it will cause the install.php file to forward you to the setup and hence make a new installation.

just trying to help
keep up the good work

[Nexus Six]

Logged In: YES
user_id=1680330
Originator: NO

I'll have to make sure by looking at the svn code, but as far as I'm aware Darkninja has addressed this bug. If he has, I'll see if I can track down one of the admins to verify it suits their fancy so that we can mark the bug as squashed.