Users can still hack via URL

thehadeeryounis / ss-scrum-tool

Automatically exported from code.google.com/p/ss-scrum-tool

0 stars 0 forks source link

Users can still hack via URL #572

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1.Go to this link http://smarterscrum.info/projects?id=1

What is the expected output? What do you see instead?
Expected an Access denied, not found or anything.
Instead, I see something similar to CRUD view =)

Original issue reported on code.google.com by eminem.v...@gmail.com on 11 Jan 2011 at 10:43

Attachments:

Screenshot-3.png

GoogleCodeExporter commented 8 years ago

Same with the following links that seem not be handled at all cuz play returns 
an error.

http://smarterscrum.info/show/users
http://smarterscrum.info/show/projects

Original comment by eminem.v...@gmail.com on 17 Jan 2011 at 4:32

Attachments:

Screenshot.png