*** Serious vulnerability
02-19-2014, 07:28 PM,
#7
RE: Potential vulnerability
So a TB is available to any user without logging in?? You are right, I have just tried it. A quick search for internet-facing webERP installations shows I can download any TB just by changing the URL. This is quite frightening really; the vulnerability is worse than I thought. I think Jo's code on the company names actually breaks this script, so anybody with 4.11.2 or greater should be ok, but with less than that your TB is available to all.

If this script is part of a commercial addon it should really just be distributed with that and a big warning.

Tim


Messages In This Thread
*** Serious vulnerability - by Forums - 02-15-2014, 10:46 PM
RE: Potential vulnerability - by agaluski - 02-18-2014, 12:00 AM
RE: Potential vulnerability - by Forums - 02-18-2014, 12:33 AM
RE: Potential vulnerability - by icedlava - 02-19-2014, 06:00 PM
RE: Potential vulnerability - by phil - 02-19-2014, 06:24 PM
RE: Potential vulnerability - by icedlava - 02-19-2014, 06:30 PM
RE: Potential vulnerability - by Forums - 02-19-2014, 07:28 PM
RE: Potential vulnerability - by icedlava - 02-19-2014, 08:55 PM
RE: Potential vulnerability - by Forums - 02-19-2014, 09:12 PM
RE: Potential vulnerability - by icedlava - 02-19-2014, 10:24 PM
RE: *** Serious vulnerability - by Forums - 02-19-2014, 10:30 PM
RE: *** Serious vulnerability - by icedlava - 02-19-2014, 10:38 PM
RE: *** Serious vulnerability - by Forums - 02-19-2014, 11:22 PM
RE: *** Serious vulnerability - by jo lwebuga - 02-20-2014, 02:35 AM
RE: *** Serious vulnerability - by phil - 02-20-2014, 01:00 PM
