Opened 15 years ago

Last modified 15 years ago

#618 closed Bug report

Security weakness: Traversal shows path

Reported by: erezsh
Owned by:
Priority: normal
Component: Other
Keywords:
Cc: erezsh, Tim Kosse
Component version:
Operating system type:
Operating system version:

Description

Using a certain file request (like: ./) returns the full path
where the file lies.

For example:
ftp://www.example.com/./

Will make the address bar in IE change to:
ftp://www.example.com/C:/Documents%20and%20Settings/Administrator/Desktop/ExampleWebSite/
(just an example).

This can be done with a simple limited read-only access
to the server.

If you have questions, my email is erez8@…

Change History (1)

comment:1 Changed 15 years ago by Tim Kosse

If you don't want to display the full path, enable "show
relative paths" for that user.
