View Issue Details

IDProjectCategoryView StatusLast Update
0000157Main CAcert Websitesource codepublic2013-01-14 01:22
ReporterbluecAssigned To 
PrioritylowSeverityminorReproducibilityalways
Status closedResolutionfixed 
Fixed in Version2006 
Summary0000157: index/0.php uses initialized $rss
DescriptionIn index/0.php the first use of $rss is

      $rss .= trim(fgets($fp, 4096));

I couldn't exploit it yet so I suspect I've done something wrong (probably my injected XML was bad). But it should be possible to inject news into the start page using a specially crafted URL (only for a single user following this URL and not permanently).

$rss should be initialized before use.
TagsNo tags attached.
Reviewed by
Test Instructions

Activities

duane

2006-03-05 22:25

developer   ~0000102

fixed, new tar ball online

Issue History

Date Modified Username Field Change
2006-03-05 22:13 bluec New Issue
2006-03-05 22:25 duane Status new => closed
2006-03-05 22:25 duane Note Added: 0000102
2006-03-05 22:25 duane Resolution open => fixed
2006-03-05 22:25 duane Fixed in Version => production
2013-01-14 01:22 Werner Dworak Fixed in Version => 2006