Opened 19 years ago

Last modified 19 years ago

#618 closed Bug report

Security weakness: Traversal shows path

Reported by: erezsh Owned by:
Priority: normal Component: Other
Keywords: Cc: erezsh, Tim Kosse
Component version: Operating system type:
Operating system version:


Using a certain file request (like: ./) returns the full path
where the file lies.

For example:

Will make the address bar in IE change to:
(just an example).

This can be done with a simple limited read-only access
to the server.

If you have questions, my email is erez8@…

Change History (1)

comment:1 by Tim Kosse, 19 years ago

If you don't want to display the full path, enable "show
relative paths" for that user.

Note: See TracTickets for help on using tickets.