<<< Date Index >>>     <<< Thread Index >>>

Re: Re: Menu Manager Mod for WebAPP - No Input Filtering



Is this new report valid or is it just web-app.net blowing smoke? WebAPP at 
web-app.org has received no mention of it, cannot find any sites that have been 
hacked, and has not found this problem in source code. With this version's 
current download count at 1490, there have been no reports of anyone having 
been exploited. Statement "Guests can edit files on the server by:
http://victim-domain/cgi-bin/index.cgi?action=menu"; is true, if said Guests are 
registered members. This is by design. So far we are unaware of a problem with 
it other than Mr. Elpeleg's post.