SphereServer BugTracker - SphereServer | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0001882 | SphereServer | executable - generic | public | 02-01-11 20:41 | 12-01-14 17:04 |
| Reporter | Coruja | ||||
| Assigned To | XuN | ||||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | OS | OS Version | |||
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Nightly Version | 09-09-2008 | ||||
| Experimental Flags | None | ||||
| Option Flags | None | ||||
| Internal Build Number | |||||
| Summary | 0001882: Exploit using timerf command | ||||
| Description | TIMERF doesn't check plevel to execute the function. An account with plevel 4 which can use TIMERF function can exploit plevel restriction and execute any function, like "TIMERF 1,ACCOUNT.PLEVEL 7" So my suggestion is check is the account can use the function used on timerf, but only when it text the command on client (on scripts it must work without restrictions, since TIMERF functions run on many accounts with plevel 1) | ||||
| Steps To Reproduce | |||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 02-01-11 20:41 | Coruja | New Issue | |||
| 12-01-14 17:04 | XuN | Note Added: 0001902 | |||
| 12-01-14 17:04 | XuN | Status | new => resolved | ||
| 12-01-14 17:04 | XuN | Resolution | open => fixed | ||
| 12-01-14 17:04 | XuN | Assigned To | => XuN | ||
| Notes | |||||
|
|
|||||
|
|
||||