Project

General

Profile

Support #327

Security issue with PHP Android String Translation Tool (PASTT)

Added by Vladimir Rutsky almost 9 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
High
Category:
-
Target version:
-
Start date:
12/25/2010
Due date:
% Done:

0%

Estimated time:
Close

Description

Hello,

PASTT script used at http://dev.beem-project.com/translation/ has insufficient input sanitization: https://code.google.com/p/android-php-translator/issues/detail?id=13

By exploiting this vulnerability remote user can create arbitrary directory in file system and possible retrieve or modify some other web server information (with permissions of PHP interpreter).

--
Vladimir Rutsky

History

#2 Updated by Frédéric Barthéléry almost 9 years ago

  • Status changed from New to Assigned
  • Assignee set to Vincent Véronis
  • Priority changed from Urgent to High

Thanks for the report. The translation site is now disabled until we got a solution.
Merry Christmas ^^

#3 Updated by Nikita Kozlov about 8 years ago

  • Status changed from Assigned to Resolved

#4 Updated by Frédéric Barthéléry almost 8 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF