sebsauvage / Shaarli

The personal, minimalist, super-fast, no-database delicious clone.
http://sebsauvage.net/wiki/doku.php?id=php:shaarli

FUD Full Path Disclosure in #222

Open TeamAlexandriZ opened 9 years ago

TeamAlexandriZ commented 9 years ago

Hi, Shaarli 0.0.41 beta is prone to FPD (Full Path Disclosure): the cookie input `shaarli` was set to nothing or to a long value such as c0ZqcWF3VFE2NmJBdm1HMVQ0ZHJ3UmZPbTFsNGhkNHI=

Error found: Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /var/www/FUD. This cookie input affects the site shaarli.fr too. See screenshot shaarlifud.
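For maintainers reading this report, one way to close the leak is to validate the session cookie before handing it to `session_start()` and to keep PHP warnings out of HTTP responses. The following is an added illustration, not Shaarli's own code; it assumes the session cookie is named `shaarli` as described above and runs on PHP 7.0 or later (`random_bytes`).

```php
<?php
// Added example, not part of Shaarli. Demonstrates two defences against the
// Full Path Disclosure described in this issue:
//   1. never render PHP warnings into the page (they embed the script path);
//   2. reject a malformed session id before session_start() can warn about it.

// 1. Warnings go to the error log, not to the browser.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

const SESSION_COOKIE = 'shaarli'; // assumption: cookie name from the report

/**
 * True if $id only contains the characters PHP's session handler accepts
 * (a-z, A-Z, 0-9, '-' and ',') and has a sane length. An empty string,
 * which the report also mentions, is rejected as well.
 */
function isValidSessionId(string $id): bool
{
    return preg_match('/^[a-zA-Z0-9,-]{1,128}$/', $id) === 1;
}

/**
 * Start the session without ever passing an untrusted id to PHP.
 * A bogus cookie is discarded and replaced by a freshly generated id,
 * so the "session id is too long or contains illegal characters" warning
 * (and the path it reveals) is never produced.
 */
function startSessionSafely(): void
{
    session_name(SESSION_COOKIE);
    $supplied = $_COOKIE[SESSION_COOKIE] ?? null;

    if ($supplied === null || !isValidSessionId($supplied)) {
        unset($_COOKIE[SESSION_COOKIE]);
        // 32 hex chars: valid under the character rules checked above.
        session_id(bin2hex(random_bytes(16)));
    }
    session_start();
}

startSessionSafely();
```

Logging the rejected cookie value (without echoing it) also gives operators a signal for session-id tampering attempts in the error log.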

Knah-Tsaeb commented 9 years ago

This issue affects Shaarli and all forks, I think. Thanks for reporting.