Possible Exploit?
I found this recently and it made me think that GS could be susceptible.
Clients always want to be able to change the content of their pages, but they are unwilling to do so.

Have you ever coded in your underwear before?
We are putting a path in front of the $_GET['id'], so you shouldn’t be able to get it to read an external file:
$file = "data/pages/". $id .".xml";
It also tests for file existence, and it will report something like "data/pages/" to not exist.

So no, I think this won’t be a problem on the GetSimple front-end.
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
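
The check described in the reply above (a fixed "data/pages/" prefix plus a file-existence test), written out as an added example that is not from the thread or from GetSimple's code. It goes one step further by allowlisting the id and confirming the resolved path stays inside the pages directory; the function name resolvePagePath(), the 64-character limit and the sample files are assumptions.

```php
<?php
// Added example: resolvePagePath() is a hypothetical helper, not GetSimple code.
function resolvePagePath(string $id, string $baseDir): ?string
{
    // Allowlist the id: letters, digits, '-' and '_' only (assumed slug format).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $id)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Same construction as in the post: fixed prefix + id + ".xml".
    // realpath() returns false when the file does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $id . '.xml');
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment: the resolved path must still start with the pages directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed sample tree in a temp directory so the script runs offline.
$root  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gs_demo_' . bin2hex(random_bytes(4));
$pages = $root . '/data/pages';
mkdir($pages, 0700, true);
file_put_contents($pages . '/index.xml', '<item><title>Home</title></item>');
file_put_contents($root . '/data/other.xml', '<item/>'); // sits outside data/pages

// Constructed ids: one valid page, one missing page, and three malformed values.
$ids = ['index', 'missing', '../other', 'http://example.invalid/x', "index\0"];
foreach ($ids as $id) {
    $path = resolvePagePath($id, $pages);
    printf("%-30s => %s\n", json_encode($id), $path === null ? 'rejected' : 'served');
}

// Clean up the constructed files.
unlink($pages . '/index.xml');
unlink($root . '/data/other.xml');
rmdir($pages);
rmdir($root . '/data');
rmdir($root);
```

Only the id "index" is served; every other id is rejected before any file is read.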
