search

dates1967 / simpleinvoices

Automatically exported from code.google.com/p/simpleinvoices
GNU General Public License v3.0
0 stars 0 forks source link

Security: Directory Traversal in Module Parameter #249

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
The application allows local file reading on the server.

What steps will reproduce the problem?
1. Include the name of the file you want to read in the module parameter 
followed by a \00 to end the string.
2. OR Click the following link to see the contents of the passwd file for the 
demo server: 
http://demo.simpleinvoices.org/index.php?module=..%2f..%2f..%2f..%2f..%2f..%2f..
%2f..%2f..%2fetc%2fpasswd%00p
3. Profit

What is the expected output? What do you see instead?

I would expect that Simple Invoices would sanitize the module parameter.

What version of the product are you using? On what operating system? Have
you got any extensions enabled?

Please provide any additional information below.

Original issue reported on code.google.com by matthewj...@gmail.com on 7 Jan 2014 at 12:52

Attachments: