Trustico code injection

[Hanno Böck via dev-security-policy]

Hi,

On twitter there are currently some people poking Trustico's web
interface and found trivial script injections:
https://twitter.com/svblxyz/status/969220402768736258

Which seem to run as root:
https://twitter.com/cujanovic/status/969229397508153350

I haven't tried to reproduce it, but it sounds legit.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy