fmisa / gwtupload

Automatically exported from code.google.com/p/gwtupload
Other
0 stars 0 forks source link

jsupload.cgi.pl security issues #166

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
In the function writeItemContent, a directory traversal vulnerability allows an 
attacker to read any file from the system.

Original issue reported on code.google.com by manuel.carrasco.m on 30 Nov 2012 at 9:21

GoogleCodeExporter commented 8 years ago
Fixed with revision f42592345e819a98c4b10a8a08fe408b601b5db6

A new version of the library (0.6.5) have been published with the fix and it is 
available in maven public repositories 
http://repo1.maven.org/maven2/com/googlecode/gwtupload/jsupload/0.6.5/ 

Original comment by manuel.carrasco.m on 30 Nov 2012 at 9:25

GoogleCodeExporter commented 8 years ago

Original comment by manuel.carrasco.m on 30 Nov 2012 at 9:25

GoogleCodeExporter commented 8 years ago
The issue is fully explained at http://www.pwnani.com/

Original comment by manuel.carrasco.m on 30 Nov 2012 at 9:38