power-media / prado3

Automatically exported from code.google.com/p/prado3

Input validation vulnerability in unit test #444

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
A member of "Zero Science Lab" identified an input validation vulnerability in 
the script that we use to bootstrap our unit tests to Selenium.
Here's a link to the original advisory: 
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5113.php
Here's the relevant bugtraq entry: http://www.securityfocus.com/bid/56677
Unfortunately we did not receive any communication of the problem by the 
original authors of the advisory, and they didn't even post it on bugtraq ml or 
full-disclosure ml.
Anyway, this vuln can be triggered only if you are exposing prado's timetracker 
demo or the tests/ directory to the web.

Original issue reported on code.google.com by ctrlal...@gmail.com on 22 Feb 2013 at 4:30

GoogleCodeExporter commented 8 years ago
Fixed in r3276

Original comment by ctrlal...@gmail.com on 22 Feb 2013 at 4:47