View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000157 | Main CAcert Website | source code | public | 2006-03-05 22:13 | 2013-01-14 01:22 |
| Reporter | Assigned To | ||||
| Priority | low | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2006 | ||||
| Summary | 0000157: index/0.php uses initialized $rss | ||||
| Description | In index/0.php the first use of $rss is $rss .= trim(fgets($fp, 4096)); I couldn't exploit it yet so I suspect I've done something wrong (probably my injected XML was bad). But it should be possible to inject news into the start page using a specially crafted URL (only for a single user following this URL and not permanently). $rss should be initialized before use. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-03-05 22:13 |
|
New Issue | |
| 2006-03-05 22:25 | duane | Status | new => closed |
| 2006-03-05 22:25 | duane | Note Added: 0000102 | |
| 2006-03-05 22:25 | duane | Resolution | open => fixed |
| 2006-03-05 22:25 | duane | Fixed in Version | => production |
| 2013-01-14 01:22 | Werner Dworak | Fixed in Version | => 2006 |
