Critical security issue
Author Message
sci2tech Away
Senior Member

Posts: 1,285
Joined: Jan 2007
Reputation: 23
Post: #1
Critical security issue
Backup engine can be used to upload a symlink to an arbitrary file. Of course, that file must be accessible and readable for the vuxxxx user, resulting in a minor issue.
Ex:
download last available backup
unpack
create in htdocs a symlink to /etc/passwd
upload in backup folder
call http://site.tld/symlink_name and you will get passwd.

PS. My trac account is unusable, that's why I use the forum.
(This post was last modified: 08-29-2010 10:58 PM by sci2tech.)
08-29-2010 08:35 PM