Ticket: Portrait methods lack security declarations
Status: closed (resolution: fixed)
Opened 3 years ago; last modified 3 years ago

Reported by:
Priority:
Milestone: 2.1.3
Component: Login and registration
Version: 2.5.x
Cc: plonista
Hotfix: Plone Content Management System, http://szgy.org/products/plonehotfix20060410
Fixed on 2.1 branch: r9512
Fixed on 2.0 branch: r9514

Description

The changeMemberPortrait and deletePersonalPortrait methods lack security declarations (or any other security framework), enabling any anonymous internet user to change and delete portraits on Plone sites at will. The following curl command would replace the portrait of a Plone.org user with the file chosen by the attacker:

 curl -F portrait=@[path_to_file] --form-string member_id=[username] http://szgy.org/portal_membership/changeMemberPortrait

Further risks include the uploading of malicious JPEGs or other images that trigger bugs in Internet Explorer, allowing attackers to abuse Plone sites for the spreading of malware.

These methods furthermore lack all checks to make sure no portraits are altered for third parties, so even if security declarations were in place, logged-in members could alter the portraits of fellow portal members at will.

Change History

04/10/06 20:04:28 changed by shh
04/10/06 23:19:13 changed
04/10/06 23:52:52 changed by shh
05/08/06 17:52:04 changed by hannosch

Field changes recorded in the history: status changed from new to closed; resolution set to fixed; Milestone set to 2.1.3; Component set to Login and registration.
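The ticket names two separate defects: the methods carry no security declaration at all (so anonymous requests reach them), and even a declared method would still let any authenticated member point member_id at someone else. The following is an added example, not the ticket's or Plone's own code: a self-contained Python model of what both checks look like when applied to the two methods, replaying the curl attack path and the logged-in third-party path against them. It does not import Zope or Plone; PortraitTool, User, SET_OWN_PROPERTIES, MANAGE_PORTAL and the sample members are assumptions made for illustration. The magic-byte check at the end blocks non-image payloads only; it does not defend against a malformed JPEG that exploits a browser decoder bug, which is the second risk the ticket raises.

```python
"""Authorization model for changeMemberPortrait / deletePersonalPortrait.

Constructed stand-in for Plone's portal_membership tool; it does not import
Zope or Plone, and PortraitTool, User, SET_OWN_PROPERTIES and MANAGE_PORTAL
are assumed names for illustration, not the project's own API.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Set

# Assumed permission names (Plone permissions are strings of this shape).
SET_OWN_PROPERTIES = "Set own properties"
MANAGE_PORTAL = "Manage portal"


class Unauthorized(Exception):
    """Raised where a security declaration would have rejected the request."""


@dataclass(frozen=True)
class User:
    id: Optional[str]                     # None models the anonymous user
    permissions: FrozenSet[str] = frozenset()


ANONYMOUS = User(None)


def looks_like_image(data: bytes) -> bool:
    """Magic-byte check for JPEG, PNG or GIF. Rejects non-image payloads;
    it cannot detect a malformed image that exploits a browser decoder."""
    return (data[:3] == b"\xff\xd8\xff"
            or data[:8] == b"\x89PNG\r\n\x1a\n"
            or data[:6] in (b"GIF87a", b"GIF89a"))


@dataclass
class PortraitTool:
    members: Set[str] = field(default_factory=set)
    portraits: Dict[str, bytes] = field(default_factory=dict)

    def _authorize(self, actor: User, member_id: Optional[str]) -> str:
        # 1. The security declaration: caller must be an authenticated member
        #    holding the permission. Anonymous requests fail here.
        if actor.id is None or SET_OWN_PROPERTIES not in actor.permissions:
            raise Unauthorized("authenticated member with %r required" % SET_OWN_PROPERTIES)
        # 2. The third-party check: member_id defaults to the caller, and
        #    naming another member requires an elevated permission.
        target = member_id or actor.id
        if target != actor.id and MANAGE_PORTAL not in actor.permissions:
            raise Unauthorized("%s may not alter the portrait of %s" % (actor.id, target))
        if target not in self.members:
            raise KeyError("unknown member %r" % target)
        return target

    def changeMemberPortrait(self, portrait: bytes, member_id: Optional[str] = None,
                             *, actor: User = ANONYMOUS) -> str:
        target = self._authorize(actor, member_id)
        if not looks_like_image(portrait):
            raise ValueError("portrait must be a JPEG, PNG or GIF")
        self.portraits[target] = portrait
        return target

    def deletePersonalPortrait(self, member_id: Optional[str] = None,
                               *, actor: User = ANONYMOUS) -> str:
        target = self._authorize(actor, member_id)
        self.portraits.pop(target, None)
        return target


def run_scenarios() -> Dict[str, str]:
    """Replays the ticket's attack paths against the hardened tool and returns
    the outcome of each. Members, users and the JPEG bytes are constructed."""
    tool = PortraitTool(members={"alice", "bob"})
    alice = User("alice", frozenset({SET_OWN_PROPERTIES}))
    admin = User("admin", frozenset({SET_OWN_PROPERTIES, MANAGE_PORTAL}))
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 12      # minimal JPEG-looking header
    results: Dict[str, str] = {}

    def attempt(name, fn):
        try:
            results[name] = "ok:" + fn()
        except (Unauthorized, ValueError, KeyError) as exc:
            results[name] = type(exc).__name__

    # The curl command from the ticket: anonymous caller, arbitrary member_id.
    attempt("anon_changes_bob", lambda: tool.changeMemberPortrait(jpeg, "bob"))
    attempt("anon_deletes_bob", lambda: tool.deletePersonalPortrait("bob"))
    # Logged-in member targeting a fellow member (the ticket's second finding).
    attempt("alice_changes_bob", lambda: tool.changeMemberPortrait(jpeg, "bob", actor=alice))
    # Legitimate uses and a non-image upload.
    attempt("alice_changes_self", lambda: tool.changeMemberPortrait(jpeg, actor=alice))
    attempt("admin_changes_bob", lambda: tool.changeMemberPortrait(jpeg, "bob", actor=admin))
    attempt("alice_uploads_html", lambda: tool.changeMemberPortrait(b"<html>", actor=alice))
    attempt("alice_deletes_self", lambda: tool.deletePersonalPortrait(actor=alice))
    return results
```

Calling run_scenarios() shows the two anonymous requests and Alice's attempt on Bob rejected with Unauthorized, while Alice's own change and delete and the manager's change of Bob's portrait succeed. The order of the checks matters: the permission test runs before member_id is even read, so an unauthenticated request never learns whether the named member exists.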