[Xerte] Quiz Security

David Goodwin david at palepurple.co.uk
Wed Dec 10 14:25:46 GMT 2008


Patrick Lockley wrote:
> I always thought there would be.
> 
> Care to point out where? 
> 


For example:


modules/xerte/engine/upload.php : appears to use the user specified file
name in the resultant path (what if it contains ../ etc?)

setup: somehow needs disabling (e.g. creating a .htaccess file?) after
it's been run once

modules/xerte/engine/save.php : what if $_POST['filename'] contained ../
? could someone overwrite something they shouldn't be able to? It
blindly accepts $_POST['template_id'] in a DB query - should sanitise
it, else you risk sql injection....


thanks
David.


-- 
 David Goodwin                          Pale Purple Limited
 Office: 0845 0046746                   Mobile: 07792380669
 http://www.palepurple.co.uk            Company No: 5580814
 'Business Web Application Development and Training in PHP'
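As an added illustration (not Xerte's own code, not from David's mail), this is how the two inputs named above could be handled from the defender's side: a filename reduced to a safe basename and checked to still resolve inside the upload directory, and a template_id bound as an integer parameter instead of being interpolated into the query. The upload directory, the PDO handle and the table/column names are assumptions.

```php
<?php
// Added example, not Xerte's own code: the two checks the mail asks for,
// written from the defender's side. Assumed: $uploadDir is the intended
// storage directory, $pdo is a PDO handle, table/column names are made up.
declare(strict_types=1);

// Reduce a user-supplied filename to a safe basename, or return null.
// basename() strips directory parts; the pattern then admits only a
// conservative character set, so "../x", ".htaccess" and odd bytes fail.
function safe_basename(string $userFilename): ?string
{
    $name = basename(str_replace('\\', '/', $userFilename));
    if ($name === '' || $name[0] === '.') {
        return null;
    }
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,99}\z/', $name)) {
        return null;
    }
    return $name;
}

// Build the destination path and confirm it still resolves inside
// $uploadDir (defence in depth on top of safe_basename). Null on any doubt.
function resolve_inside(string $uploadDir, string $userFilename): ?string
{
    $name = safe_basename($userFilename);
    $base = realpath($uploadDir);
    if ($name === null || $base === false) {
        return null;
    }
    $target = $base . DIRECTORY_SEPARATOR . $name;
    // realpath() the parent only: the target file may not exist yet.
    return realpath(dirname($target)) === $base ? $target : null;
}

// Look up a template with a bound parameter instead of interpolating
// $_POST['template_id'] into the SQL string; reject non-integer ids outright.
function load_template(PDO $pdo, $templateId): ?array
{
    $id = filter_var($templateId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM templates WHERE template_id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```

With these in place, save.php and upload.php would call resolve_inside() before writing and load_template() before querying, and a request carrying "../" or a non-numeric id is refused rather than cleaned up.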

