| Anonymous | Login | Signup for a new account | 01-07-25 13:18 CEST |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |
| 0001882 | SphereServer | executable - generic | public | 02-01-11 20:41 | 12-01-14 17:04 | |
| Reporter | Coruja | |||||
| Assigned To | XuN | |||||
| Priority | normal | Severity | major | Reproducibility | always | |
| Status | resolved | Resolution | fixed | |||
| Platform | OS | OS Version | ||||
| Product Version | ||||||
| Target Version | Fixed in Version | |||||
| Summary | 0001882: Exploit using timerf command | |||||
| Description | TIMERF doesn't check plevel to execute the function. An account with plevel 4 which can use TIMERF function can exploit plevel restriction and execute any function, like "TIMERF 1,ACCOUNT.PLEVEL 7" So my suggestion is check is the account can use the function used on timerf, but only when it text the command on client (on scripts it must work without restrictions, since TIMERF functions run on many accounts with plevel 1) | |||||
| Tags | No tags attached. | |||||
| Nightly Version | 09-09-2008 | |||||
| Experimental Flags | None | |||||
| Option Flags | None | |||||
| Internal Build Number | ||||||
| Attached Files | ||||||
 Relationships |
|
 Relationships |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 02-01-11 20:41 | Coruja | New Issue | |
| 12-01-14 17:04 | XuN | Note Added: 0001902 | |
| 12-01-14 17:04 | XuN | Status | new => resolved |
| 12-01-14 17:04 | XuN | Resolution | open => fixed |
| 12-01-14 17:04 | XuN | Assigned To | => XuN |
|
Issue History |
| Copyright © 2000 - 2010 MantisBT Group |
 |