Changes between Initial Version and Version 1 of Ticket #11295, comment 1
- Timestamp:
- Sep 8, 2013, 5:05:54 AM (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #11295, comment 1
initial v1 1 1 No. If without the assertion, a remote attacker can retrieve the system file using like this. 2 2 {{{ 3 http://example.org/chrome/site/..%2Fconf%2Ftrac.ini 3 4 http://example.org/chrome/common/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd 4 5 }}}