Support #327: Security issue with PHP Android String Translation Tool (PASTT) - BEEM - Android XMPP - BEEM - Android XMPP Application

Copy

Support #327

Security issue with PHP Android String Translation Tool (PASTT)

Added by Vladimir Rutsky over 1 year ago. Updated 4 months ago.

Status:

Closed

Start date:

12/25/2010

Priority:

High

Due date:

Assignee:

Vincent Véronis

% Done:

Category:

Target version:

Description

Hello,

PASTT script used at http://dev.beem-project.com/translation/ has insufficient input sanitization: https://code.google.com/p/android-php-translator/issues/detail?id=13

By exploiting this vulnerability remote user can create arbitrary directory in file system and possible retrieve or modify some other web server information (with permissions of PHP interpreter).

--
Vladimir Rutsky

History

#1 Updated by Vladimir Rutsky over 1 year ago

Ops, correct PASTT location is http://dev.beem-project.com/translation/index.php

#2 Updated by Frédéric Barthéléry over 1 year ago

Status changed from New to Assigned
Assignee set to Vincent Véronis
Priority changed from Urgent to High

Thanks for the report. The translation site is now disabled until we got a solution.
Merry Christmas ^^

#3 Updated by Nikita Kozlov 6 months ago

Status changed from Assigned to Resolved

#4 Updated by Frédéric Barthéléry 4 months ago

Status changed from Resolved to Closed

Copy

Also available in: Atom PDF

BEEM - Android XMPP

Issues

Custom queries