*** Serious vulnerability
02-19-2014, 07:28 PM
Post: #7
RE: Potential vulnerability
So a TB is available to any user without logging in?? You are right, I have just tried it. A quick search for internet-facing webERP installations shows I can download any TB just by changing the URL. This is quite frightening really; the vulnerability is worse than I thought. I think Jo's code on the company names actually breaks this script, so anybody with 4.11.2 or greater should be ok, but less than that your TB is available to all.

If this script is part of a commercial addon it should really just be distributed with that and a big warning.

Tim
Messages In This Thread
*** Serious vulnerability - Forums - 02-15-2014, 10:46 PM
RE: Potential vulnerability - agaluski - 02-18-2014, 12:00 AM
RE: Potential vulnerability - Forums - 02-18-2014, 12:33 AM
RE: Potential vulnerability - icedlava - 02-19-2014, 06:00 PM
RE: Potential vulnerability - phil - 02-19-2014, 06:24 PM
RE: Potential vulnerability - icedlava - 02-19-2014, 06:30 PM
RE: Potential vulnerability - Forums - 02-19-2014, 07:28 PM
RE: Potential vulnerability - icedlava - 02-19-2014, 08:55 PM
RE: Potential vulnerability - Forums - 02-19-2014, 09:12 PM
RE: Potential vulnerability - icedlava - 02-19-2014, 10:24 PM
RE: *** Serious vulnerability - Forums - 02-19-2014, 10:30 PM
RE: *** Serious vulnerability - icedlava - 02-19-2014, 10:38 PM
RE: *** Serious vulnerability - Forums - 02-19-2014, 11:22 PM
RE: *** Serious vulnerability - jo lwebuga - 02-20-2014, 02:35 AM
RE: *** Serious vulnerability - phil - 02-20-2014, 01:00 PM
