Ticket #5432 (closed Bug: fixed)

Portrait methods lack security declarations

Reported by: plonista
Opened 3 years ago, last modified 2 years ago

Description
The changeMemberPortrait and deletePersonalPortrait methods lack security declarations, enabling any anonymous internet user to change and delete portraits on Plone sites at will. Further risks include the spreading of malware: malicious JPEGs or other images can trigger bugs in Internet Explorer, allowing attackers to abuse Plone sites for that purpose.

The following curl command would replace the portrait of a Plone.org user with the file chosen by the attacker:

    curl -F portrait=@[path_to_file] --form-string member_id=[username] http://szgy.org/portal_membership/changeMemberPortrait

Note that *no* credentials are required to accomplish this!

These methods furthermore lack all checks to make sure no portraits are altered by third parties even if security declarations were in place, making it possible for logged-in members to alter portraits of fellow portal members at will even with declarations.

Hotfix: http://szgy.org/products/plonehotfix20060410
04/10/06 20:04:28 changed by hannosch

04/10/06 23:19:13 changed by shh

  • status changed from new to closed
  • resolution set to fixed
  • milestone changed from 2.5.x to 2.1.3

04/10/06 23:52:52 changed by shh

05/08/06 17:52:04 changed by shh

Login and registration fixed.

Fixed on 2.1 branch: r9514.