This page requires java-script to be enabled. Please adjust your browser-settings.
streber
PM
Login
|
Register
Home
Recent changes
Your Tasks
Efforts
Bookmarks
Overall changes
P
rojects
for
streber commun...
streber
People
Companies
S
earch:
streber
>
Tasks
|
Topics
|
Milestones
|
Versions
|
Files
|
Changes
Help
Bug (new)
path disclosure vulnerability
/
#7934
Move
Bookmark
Summary
For Milestone
v0.069 - security
Status
new
Opened
May 20, 2009
Created
May 20, 2009
/
guest
Modified
May 20, 2009
/
guest
Publish to
suggested
Attached files
No files uploaded
Move files
Mark as bookmark
if url parameter "go" set to array []
every person (hacker) can see absolute install path.
Issue report
Severity
Minor
Reproducibility
Always
Platform
Apache/2.2.8 Server, PHP5.2.4
Version
0.0902
Build
???
Steps to reproduce
http://www.streber-pm.org/demo/index.php?go[]=projViewEffortCalculations&prj=4320
if url parameter "go" set to array []
every person (hacker) can see absolute install path.
Suggested Solution
check whether parameter "go" is array
No Comments