Opened 13 years ago

Closed 13 years ago

#1028 closed Defect (fixed)

Minor Vulnerability in DB Abstraction Layer

Reported by: jbboehr Owned by: davea
Priority: Trivial Milestone: Undetermined
Component: Web - Project Version: 6.10.58
Keywords: Cc:

Description

This probably can't be used to do much, but it's generally not considered a good thing.

DBNAME gets replaced with the database name in user input.

Screenshot from MilkyWay?@Home Web UI:

http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs997.snc4/77072_10150099097756745_507541744_7647228_629037_n.jpg

Attachments (1)

boinc-php-fun.png (4.8 KB) - added by jbboehr 13 years ago.

Download all attachments as: .zip

Change History (2)

Changed 13 years ago by jbboehr

Attachment: boinc-php-fun.png added

comment:1 Changed 13 years ago by davea

Resolution: fixed
Status: newclosed

(In [22748]) - web: remove DBNAME hack, which allowed users to see the DB name

(not a big deal, but bad form). Fixes #1028

Note: See TracTickets for help on using tickets.