Title: Arbitrary file retrieval
Type: security Severity: normal
Components: website Versions:
Status: closed Resolution: invalid
Dependencies: Superseder:
Assigned To: Nosy List: deadshot, fwierzbicki, jeff.allen
Priority: Keywords:

Created on 2018-05-08.08:07:36 by deadshot, last changed 2018-08-24.17:01:32 by jeff.allen.

File name: Uploaded: deadshot, 2018-05-08.08:07:35 Description: File contains POC screenshots of how to retrieve arbitrary files
msg11964 Author: Jeff Allen (jeff.allen) Date: 2018-05-08.22:13:45
Thanks for your interest in the security of and for going to the trouble of assembling this report.

If there were a problem here, it would be with, not with But I think there isn't.

In the page you've generated, these (relative) links don't actually go anywhere. However, a working page much like it is accessible from the search page: Follow the BROWSE link to:

These appear all to be files that is happy to give you.
Date User Action Args
2018-08-24 17:01:32 jeff.allen set status: pending -> closed
    severity: normal
2018-05-08 22:13:46 jeff.allen set status: open -> pending
    severity: major -> (no value)
    versions: - Jython 2.7.4
    nosy: + jeff.allen, fwierzbicki
    title: Arbitraty file retreival -> Arbitrary file retrieval
    messages: + msg11964
    resolution: invalid
2018-05-08 08:07:36 deadshot create