rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: rootarded on October 29, 2006, 01:47:57 AM

Title: Upload without permission
Post by: rootarded on October 29, 2006, 01:47:57 AM

Hello.

I just downloaded this piece of software and found out that it's possible to upload to folder which you do not have permission to upload to by simply creating your own html form, add the files and change the action parameter in the form to the folder you want to upload to.

This should be fixed ASAP.

Title: Re: Upload without permission
Post by: ~GeeS~ on October 29, 2006, 12:09:48 PM

 ???
In order to reproduce what you've found, could you please describe exactly what you've done with your HTML and how you've  protected the upload folder?

Title: Re: Upload without permission
Post by: rejetto on October 29, 2006, 05:40:54 PM

yes, fixed.
i'm now fixing other bugs, and will publish a new build in few hours.

Title: Re: Upload without permission
Post by: rejetto on October 29, 2006, 07:55:45 PM

please update to version 2.1a