Opened 21 years ago
Last modified 21 years ago
#618 closed Bug report
Security weakness: Traversal shows path
| Reported by: | erezsh | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | Other |
| Keywords: | | Cc: | erezsh, Tim Kosse |
| Component version: | | Operating system type: | |
| Operating system version: | | | |
Description
Using a certain file request (like: ./) returns the full path
where the file lies.
For example:
ftp://www.example.com/./
Will make the address bar in IE change to:
ftp://www.example.com/C:/Documents%20and%20Settings/Administrator/Desktop/ExampleWebSite/
(just an example).
This can be done with a simple limited read-only access
to the server.
If you have questions, my email is erez8@…
If you don't want to display the full path, enable "show
relative paths" for that user.
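
An added example, not part of the ticket or of the server's own code: a check an administrator could run over captured FTP replies to confirm that an account no longer exposes the server's local path once relative paths are enabled. The function names and the sample reply lines are constructed for illustration, and the heuristic only recognises Windows drive-letter and UNC paths.

```python
import re
from urllib.parse import unquote

# RFC 959: a 257 reply carries the path in double quotes, with any
# embedded quote doubled ("").
_PWD_REPLY = re.compile(r'^257\s+"((?:[^"]|"")*)"')
# Local Windows path shapes: C:/..., C:\..., or /C:/... as seen in an ftp:// URL.
_DRIVE = re.compile(r'^/?[A-Za-z]:[\\/]')
# UNC share: \\host\share or //host/share.
_UNC = re.compile(r'^(?:\\\\|//)[^\\/]+[\\/]')


def path_from_pwd_reply(line):
    """Return the quoted path of a 257 reply, or None for any other reply."""
    m = _PWD_REPLY.match(line.strip())
    if m is None:
        return None
    return m.group(1).replace('""', '"')


def leaks_local_path(path):
    """True if the path (raw or percent-encoded) looks like a local Windows path."""
    decoded = unquote(path)
    return bool(_DRIVE.match(decoded) or _UNC.match(decoded))


def audit(replies):
    """Return every path in the given server replies that discloses a local path."""
    findings = []
    for line in replies:
        path = path_from_pwd_reply(line)
        if path is not None and leaks_local_path(path):
            findings.append(path)
    return findings


# Constructed sample replies (not captured from a real server).
SAMPLE_REPLIES = [
    '257 "/" is current directory.',
    '257 "C:/Documents and Settings/Administrator/Desktop/ExampleWebSite/" is current directory.',
    '257 "/pub/releases" is current directory.',
    '200 Type set to I',
]

if __name__ == "__main__":
    for leaked in audit(SAMPLE_REPLIES):
        print("local path disclosed:", leaked)
```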