Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
View source of any file on server (PHP end not already parsed code)
#1
Just take a look at the link below for example:

Code:
http://demo.opensourcecms.com/getsimple/admin/download.php?file=/home/opencms/public_html/demo/getsimple/index.php

I can view the pre-parsed code from any file on the server (that the user (of the server) it's on has access to)

Just droppin' a note Smile
Reply
#2
Thanks for telling us about this. We already use a parser to stop you from being able to use “../” but we didn’t think about absolute paths. This will be fixed in the next update.
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#3
Only if logged in to the admin panel, though, correct?

-Rob A>
Reply
#4
RobA Wrote:Only if logged in to the admin panel, though, correct?
Yes, only if logged in. download.php checks your login before allowing you to download anything.
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply




Users browsing this thread: 1 Guest(s)