A member of "Zero Science Lab" identified an input validation vulnerability in
the script that we use to bootstrap our unit tests to Selenium.
Here's a link to the original advisory:
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5113.php
Here's the relevant bugtraq entry: http://www.securityfocus.com/bid/56677
Unfortunately we did not receive any communication of the problem by the
original authors of the advisory, and they didn't even post it on bugtraq ml or
full-disclosure ml.
Anyway, this vuln can be triggered only if you are exposing prado's timetracker
demo or the tests/ directory to the web.
Original issue reported on code.google.com by ctrlal...@gmail.com on 22 Feb 2013 at 4:30