Ticket #477 (closed defect: invalid)

Opened 19 months ago

Last modified 19 months ago

Cache exploit

Reported by: reporter Owned by: mbonetti
Priority: highest Milestone:
Component: BUGS Version:
Severity: critical Keywords:
Cc:

Description

Just installed Gregarius and searched the net for custom "Gregorius themes" (actual search string) when I found several Gregarius-installed sites with the admin sections wide open due to cached sessions. Hope you have a fix for this.

/Mike

mike99@…

Change History

follow-up: ↓ 2   Changed 19 months ago by cfriesen

I'm not sure I follow this.

You can't access the /admin pages without putting in a username/password (I just tried every page manually).

What version of Gregarius are these sites using? I did a search for custom "Gregarius themes" and it didn't return anything really interesting.

If you really want to make sure no one can access the /admin section, you can always set up .htaccess. That'll protect it at the webserver level.

in reply to: ↑ 1   Changed 19 months ago by mbonetti

Replying to cfriesen:

I'm not sure I follow this.

Ditto. I emailed the reporter and asked for additional details.

  Changed 19 months ago by mbonetti

  • status changed from new to closed
  • resolution set to invalid

Well, I've emailed the reporter and got no reply in next to two weeks. Closing this as bogus, feel free to reopen if this is relevant.
