Edgewall Software

Changes between Initial Version and Version 1 of Ticket #11295, comment 1


Timestamp:
Sep 8, 2013, 5:05:54 AM (6 years ago)
Author:
Jun Omae

  • Ticket #11295, comment 1

    initial v1  
    11No. If without the assertion, a remote attacker can retrieve the system file using like this.
    22{{{
     3http://example.org/chrome/site/..%2Fconf%2Ftrac.ini
    34http://example.org/chrome/common/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
    45}}}
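
A containment check of the kind the comment says the assertion provides, run against the two URLs above. This is an added example, not Trac's code and not part of the ticket; the directory mapping, the function name and the benign sample URL are hypothetical, and POSIX paths are assumed.

```python
import os
from urllib.parse import unquote, urlsplit

# Hypothetical prefix-to-directory mapping, constructed for illustration.
CHROME_DIRS = {
    "site": "/srv/trac/env/htdocs",
    "common": "/usr/share/trac/htdocs",
}


def resolve_chrome_path(url):
    """Map /chrome/<prefix>/<file> to a filesystem path.

    Returns None when the decoded file name would resolve outside the
    directory registered for <prefix>.
    """
    parts = urlsplit(url).path.split("/", 3)  # ['', 'chrome', prefix, file]
    if len(parts) != 4 or parts[:2] != ["", "chrome"]:
        return None
    prefix, filename = parts[2], unquote(parts[3])  # %2F becomes '/' here
    base = CHROME_DIRS.get(prefix)
    if base is None or "\x00" in filename:
        return None
    base = os.path.realpath(base)
    # Resolve '..' segments and symlinks *after* decoding, then compare.
    candidate = os.path.realpath(os.path.join(base, filename))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None  # decoded name escapes the registered directory
    return candidate


# First entry is a constructed benign request; the other two are the
# URLs quoted in the comment.
SAMPLES = [
    "http://example.org/chrome/site/css/site.css",
    "http://example.org/chrome/site/..%2Fconf%2Ftrac.ini",
    "http://example.org/chrome/common/..%2F..%2F..%2F..%2F..%2F..%2F"
    "..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", resolve_chrome_path(sample) or "rejected")
```

The comparison uses `os.path.commonpath` on resolved paths rather than a string prefix test, so a sibling directory such as `htdocs-old` is not mistaken for a child of `htdocs`.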