User Ratings

★★★★★
★★★★
★★★
★★
67
0
0
0
2
ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

Rate This Project

Login To Rate This Project

User Reviews

  • I Really assume this program the best program I at all times tried! => consider having a look at this webiste for Free Gift Cards : www.fregifts.com

  • I absolutely consider this software the best app I ever used! => check this site for Free Goods : www.scripts4geeks.com

  • Session hijacking in GeoNetwork 3.2.1 The Functionality The application's sign out function updates the catalog search page by removing user information, generates a new JSESSIONID token (probably because it destroys the previous session), and informs its value in the URL. The Assumption By noting the jsessionid = C5AAC77B7F211548F5FD1D5ABE504BC5 excerpt in the URL suggests that session management is based on the typical JSESSIONID token of the Apache Tomcat web server. The Attack Using brute-force techniques, arbitrary values were injected into the JSESSIONID cookie until the value checked with the JSESSIONID of an authenticated profile at that time, and the system granted the attacker access as if it were the legitimate user with the same permissions. Control bypassing in GeoNetwork 3.2.1 The Functionality The system has several levels of permission, among which Registered User is the most basic. In our configuration, a registered user can not change their own registration and to guarantee this restriction when the person clicks on his own name at the top of the page requesting the link to change his profile (/srv/eng/admin.console#/ Organization / users? UserOrGroup = username), the system loads the page but redirects it to the catalog search (catalog.search). The Assumption Because the system renders the page, presumably the redirection control is in the client-side JavaScript API, it is possible to stop that redirection and fill out the form as we see fit. The Attack The redirect to the search page was stopped and the record opened. When the form was rendered, the permission fields in the groups section were locked. When saving, the JSON package carrying the data has been tampered with making the Registered User an administrator of several available groups and the system has not blocked this change in any time

  • Thanks for great project! Simply the best.Good,good,good.+1

  • very good project, thanks!Good,good,good.+1

  • very good project, thanks!Good,good,good.+1

  • Thanks for this amazing project!

  • Excellent program.Very easy and simple to use.

  • very good project, thanks!Good,good,good.+1

    1 user found this review helpful.
  • very good project, thanks!

  • very good project, thanks!

    1 user found this review helpful.
  • Excellent. Light-weight and loaded with most of the features I wanted.

  • This is great. Thank you for your work guys!

  • This version is even better, that the previous ones. Great work, that saves you a lot of time, thanks!

  • I tried it on one of my VPS servers and so far it is very smooth and error-free

  • Very useful tool, thanks!

  • Great Project . Thanks to author. keep developing.

  • Real good! The best for free!

  • I like it!

  • I use this every single day! I really liked it.

  • very flexible geosoft with great web opportunities!

  • such a great web oriented geosoft, I'm totally impressed!

  • Nice project, thanks!

  • Are there any updates available?

Show next 25 reviews >