Re: Re: Menu Manager Mod for WebAPP - No Input Filtering
Is this new report valid or is it just web-app.net blowing smoke? WebAPP at
web-app.org has received no mention of it, cannot find any sites that have been
hacked, and has not found this problem in source code. With this version's
current download count at 1490, there have been no reports of anyone having
been exploited. Statement "Guests can edit files on the server by:
http://victim-domain/cgi-bin/index.cgi?action=menu" is true, if said Guests are
registered members. This is by design. So far we are unaware of a problem with
it other than Mr. Elpeleg's post.