[Xerte] Quiz Security
David Goodwin
david at palepurple.co.uk
Wed Dec 10 14:25:46 GMT 2008
Patrick Lockley wrote:
> I always thought there would be.
>
> Care to point out where?
>
For example:
modules/xerte/engine/upload.php : appears to use the user-specified file
name in the resultant path (what if it contains ../ etc?)
setup: somehow needs disabling (e.g. creating a .htaccess file?) after
it's been run once
modules/xerte/engine/save.php : what if $_POST['filename'] contained ../ ?
Could someone overwrite something they shouldn't be able to? It
blindly accepts $_POST['template_id'] in a DB query - should sanitise
it, else you risk SQL injection....
thanks
David.
-- 
David Goodwin Pale Purple Limited
Office: 0845 0046746 Mobile: 07792380669
http://www.palepurple.co.uk Company No: 5580814
'Business Web Application Development and Training in PHP'
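The two classes of issue the message raises (a user-supplied file name used in a path, and $_POST['template_id'] spliced into a query) can be closed off as shown below. This is an added example, not code from Xerte or from the mail's author; the upload directory, table and column names are assumptions.

```php
<?php
// Added example (not Xerte's own code). $uploadDir, the "templates" table
// and its "template_id" column are assumptions for illustration.

/**
 * Map a user-supplied file name onto a path that is guaranteed to sit
 * directly inside $uploadDir. Everything except the last path component is
 * discarded, the remaining name must match a conservative character set and
 * an extension whitelist, and the directory is resolved with realpath() so
 * a relative or symlinked $uploadDir cannot be misread.
 */
function safeUploadPath(string $uploadDir, string $userName): string
{
    // "../../etc/passwd" and "foo/../../x.xml" both reduce to their last part.
    $name = basename($userName);

    if ($name === '' || $name === '.' || $name === '..'
        || !preg_match('/^[A-Za-z0-9_-]{1,64}\.(xml|zip|jpg|png)$/i', $name)) {
        throw new InvalidArgumentException('rejected file name');
    }

    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('upload directory missing');
    }
    // The name holds no separator and no "..", so this cannot leave $base.
    return $base . DIRECTORY_SEPARATOR . $name;
}

/**
 * Look a template up by id with a prepared statement, so the raw POST value
 * is never concatenated into SQL. Ids are also required to be digits only,
 * which rejects garbage before it reaches the database at all.
 */
function loadTemplate(PDO $db, string $templateId): ?array
{
    if (!ctype_digit($templateId)) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM templates WHERE template_id = :id');
    $stmt->execute([':id' => (int) $templateId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage from a request handler (values here are constructed samples):
// $path = safeUploadPath('/var/www/xerte/uploads', $_POST['filename']);
// $tpl  = loadTemplate($pdo, $_POST['template_id'] ?? '');
```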