[Koha-bugs] [Bug 6628] [security] help system use insecure REFERRER for file inclusion
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Nov 25 19:46:47 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6628
--- Comment #2 from Chris Cormack <chris at bigballofwax.co.nz> 2011-11-25 18:46:47 UTC ---
Please test
You can test by fudging the referrer, or by passing a url=bogus value
http://localhost:8080/cgi-bin/koha/help.pl?url=koha/../../../../../../etc/passwd%00.pl
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list