Support #327: Security issue with PHP Android String Translation Tool (PASTT) - BEEM - Android XMPP - BEEM - Android XMPP Application

Support #327

Security issue with PHP Android String Translation Tool (PASTT)

Added by Vladimir Rutsky over 13 years ago. Updated about 12 years ago.

Status:

Closed

Priority:

High

Assignee:

Vincent Véronis

Category:

Target version:

Start date:

12/25/2010

Due date:

% Done:

Estimated time:

Description

Hello,

PASTT script used at http://dev.beem-project.com/translation/ has insufficient input sanitization: https://code.google.com/p/android-php-translator/issues/detail?id=13

By exploiting this vulnerability remote user can create arbitrary directory in file system and possible retrieve or modify some other web server information (with permissions of PHP interpreter).

--
Vladimir Rutsky

Updated by Vladimir Rutsky over 13 years ago

Ops, correct PASTT location is http://dev.beem-project.com/translation/index.php

Updated by Frédéric Barthéléry over 13 years ago

Status changed from New to Assigned
Assignee set to Vincent Véronis
Priority changed from Urgent to High

Thanks for the report. The translation site is now disabled until we got a solution.
Merry Christmas ^^

Updated by Nikita Kozlov over 12 years ago

Status changed from Assigned to Resolved

Updated by Frédéric Barthéléry about 12 years ago

Status changed from Resolved to Closed

Also available in: Atom PDF

Project

General

Profile

BEEM - Android XMPP