View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000157 | Main CAcert Website | source code | public | 2006-03-05 22:13 | 2013-01-14 01:22 |
Reporter | Assigned To | ||||
Priority | low | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2006 | ||||
Summary | 0000157: index/0.php uses initialized $rss | ||||
Description | In index/0.php the first use of $rss is $rss .= trim(fgets($fp, 4096)); I couldn't exploit it yet so I suspect I've done something wrong (probably my injected XML was bad). But it should be possible to inject news into the start page using a specially crafted URL (only for a single user following this URL and not permanently). $rss should be initialized before use. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2006-03-05 22:13 |
|
New Issue | |
2006-03-05 22:25 | duane | Status | new => closed |
2006-03-05 22:25 | duane | Note Added: 0000102 | |
2006-03-05 22:25 | duane | Resolution | open => fixed |
2006-03-05 22:25 | duane | Fixed in Version | => production |
2013-01-14 01:22 | Werner Dworak | Fixed in Version | => 2006 |