Anti Räis
Anti Räis
Logged in user (editor) can change password for other users or delete them. [Example attacks] http://localhost/system/admin/controllers/password.php POST:p=password&i=<user id> // Delete user http://localhost/system/admin/controllers/users.php?del=<user id>
Logged in user can inject attack code and update, delete or modify others credentials, session or any other data. [Example attacks] //Edit text input - bad tags cause script tag...
Logged in user (editor) can list folder content with URL traversal. [Example attacks] [Notes: List shows up style="display:none", change it to see the content] - http://localhost/system/admin/editor/filemgr/modules/folders.php POST:dir=../ - http://localhost/system/admin/editor/filemgr/modules/files.php?dir=..%2f..%2f..%2f..%2fetc%2f
Fix for issue #230.
As described in [logging documentation for libraries](https://docs.python.org/3/howto/logging.html#configuring-logging-for-a-library), it is not recommended to use anything else than `logging.NullHandler()` when setting up logging. It is set up in [errors.py:14](https://github.com/pmaupin/pdfrw/blob/6c892160e7e976b243db0c12c3e56ed8c78afc5a/pdfrw/errors.py#L14) file and overwrites...
Document the preferred process to report and resolve security vulnerabilities. My proposal is to use specific email address for initial communications (e.g. [email protected]) so that core developers and security researches...
Additional GPS information aids project managers to assure that the work was done in specific location, e.g construction workers. It would be nice to also see the map with a...
This PR will: * add pyproject.toml (PEP621) support * will support python3.13 * upgrade deprecated libraries (resolves #196, #197) Tested this build on Kali 2025.2
This patch will make weevely read correct version info. Also added a standard `--version` flag to show it.