Support #327: Security issue with PHP Android String Translation Tool (PASTT) - BEEM - Android XMPP - BEEM - Android XMPP Application

Support #327

Security issue with PHP Android String Translation Tool (PASTT)

Added by Vladimir Rutsky over 13 years ago. Updated over 12 years ago.

Status:

Closed

Priority:

High

Assignee:

Vincent Véronis

Category:

Target version:

Start date:

12/25/2010

Due date:

% Done:

Estimated time:

Description

Hello,

PASTT script used at http://dev.beem-project.com/translation/ has insufficient input sanitization: https://code.google.com/p/android-php-translator/issues/detail?id=13

By exploiting this vulnerability remote user can create arbitrary directory in file system and possible retrieve or modify some other web server information (with permissions of PHP interpreter).

--
Vladimir Rutsky

History
Notes
Property changes

Also available in: Atom PDF

Project

General

Profile

BEEM - Android XMPP

Custom queries

Support #327

Security issue with PHP Android String Translation Tool (PASTT)

Updated by Vladimir Rutsky over 13 years ago

Updated by Frédéric Barthéléry over 13 years ago

Updated by Nikita Kozlov over 12 years ago

Updated by Frédéric Barthéléry over 12 years ago