Opened 2 years ago
Last modified 2 years ago
#1292 new defect
Possible security problem in Email.py
| Reported by: | arescope | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | v2.7 |
| Component: | General | Version: | 1.1 |
| Keywords: | | Cc: | |
Description (last modified by jbenito)
Dear Indico team,
during the last day some requests to our indico instance hint at a
possible security problem in Email.py. Due to our rewrite setup, the
tries did not succeed here, but maybe this needs some attention.
I did not post this to the bugtracker as I do not want to reveal this
publicly before it has been assessed by you.
Best regards,
Björn Pedersen
_ start error from indico
2013-06-03 00:01:08,211 indico.requestHandler - ERROR base.py:372 -- Request 34606498192 failed: "int() argument must be a string or a number, not 'list'"
Traceback (most recent call last):
  File "/usr/local/lib/python2.6/site-packages/indico-1.0-py2.6.egg/MaKaC/webinterface/rh/base.py", line 561, in process
    self._checkParams( self._reqParams )
  File "/usr/local/lib/python2.6/site-packages/indico-1.0-py2.6.egg/MaKaC/webinterface/rh/conferenceDisplay.py", line 568, in _checkParams
    chair = self._conf.getChairById(chairid)
  File "/usr/local/lib/python2.6/site-packages/indico-1.0-py2.6.egg/MaKaC/conference.py", line 3249, in getChairById
    id=int(id)
TypeError: int() argument must be a string or a number, not 'list'
Additional information:
URL:
http://www.frm2.tum.de/indico/EMail.py?confId=3&chairId=0%22%20onmousedown=%22return%20rwt(this,'','','','111','AFQjCNEXGAeXLXohWWTh3wC8BWlhuFeUdQ','','0CF8QFjAKOGQ','','',event)%22%3ENINMACH%202013%20(09-12%20September%202013)%20-%20FRM%20II%3C/a%3E%3C/h3%3E%3Cdiv%20class=%22s%22%3E%3Cdiv%3E%3Cdiv%20class=%22f%20kv%22%20style=%22white-space:nowrap%22%3E%3Ccite%3Ewww.frm2.tum.de/indico/EMail.py?confId=3&chairId=0%3C/cite%3E%3C/div%3E%3Cdiv%20class=%22f%20slp%22%3E%3C/div%3E%3Cspan%20class=%22st%22%3E9-12%20September%202013.%20TUM%20Campus%20Garching.%20Europe/Berlin%20timezone.%20%3Cem%3EHide%20menu%3C/em%3E%20·%20Overview%20·%20Call%20for%20Abstracts%20·%20View%20my%20abstracts%20·%20Submit%20a%20new%20abstract%20%3Cb%3E...%3C/b%3E%3C/span%3E%3C/div%3E%3C/div%3E%3C/div%3E%3C!--n--%3E%3C/wp-content/themes/widescreen/includes/timthumb.php?src=http%3A%2F%2Fpicasa.com.wowboutiquewater.com%2Fplk.php
Params: {' Submit a new abstract
<b>...</b></span></div></div></div><!--n--></wp-content/themes/widescreen/includes/timthumb.php?src':
'http://picasa.com.wowboutiquewater.com/plk.php', ' Overview ': , '
Call for Abstracts ': , ' View my abstracts ': , 'amp':
[Field('amp', ), Field('amp', )], 'confId': '3', 'middot':
[Field('middot', ), Field('middot', ), Field('middot', ),
Field('middot', )], 'chairId': [Field('chairId', '0"
onmousedown="return
rwt(this,\'\',\'\',\'\',\'111\',\'AFQjCNEXGAeXLXohWWTh3wC8BWlhuFeUdQ\',\'\',\'0CF8QFjAKOGQ\',\'\',\'\',event)">NINMACH
2013 (09-12 September 2013) - FRM II</a></h3><div class="s"><div><div
class="f kv"
style="white-space:nowrap"><cite>www.frm2.tum.de/indico/EMail.py?confId=3'),
Field('chairId', '0</cite></div><div class="f slp"></div><span
class="st">9-12 September 2013. TUM Campus Garching. Europe/Berlin
timezone. <em>Hide menu</em> ')]}
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101
Firefox/4.0.1
Referer: n/a
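
The traceback above shows `int(id)` receiving a list because `chairId` appeared twice in the query string. The following is an added example, not Indico's code and not part of the ticket: a Python 3 sketch of validating such an id so the request is rejected cleanly instead of raising an unhandled `TypeError`. `BadRequest`, `single_int_param` and `classify` are hypothetical names, and the sample queries are constructed, shortened from the shape of the logged URL.

```python
import re
from urllib.parse import parse_qs


class BadRequest(ValueError):
    """Hypothetical exception a handler would map to an HTTP 400 response."""


_INT_RE = re.compile(r"[0-9]{1,9}")  # plain ASCII decimal id, bounded length


def single_int_param(query, name):
    """Return `name` from a raw query string as an int, or raise BadRequest.

    Rejects a repeated parameter (the list seen in the traceback), a value
    carrying markup, and a missing parameter.
    """
    values = parse_qs(query, keep_blank_values=True).get(name, [])
    if len(values) != 1:
        raise BadRequest("%s must appear exactly once (got %d)" % (name, len(values)))
    if not _INT_RE.fullmatch(values[0]):
        raise BadRequest("%s is not a decimal integer" % name)
    return int(values[0])


# Constructed sample queries (not the logged request itself).
GOOD = "confId=3&chairId=0"
REPEATED = "confId=3&chairId=0%22%20onmousedown=%22x%22%3Etext&chairId=0%3C/cite%3E"
MARKUP = "confId=3&chairId=0%22%3E%3Cb%3E"


def classify(query):
    """Return ('ok', (confId, chairId)) or ('rejected', reason) for one query."""
    try:
        return "ok", (single_int_param(query, "confId"),
                      single_int_param(query, "chairId"))
    except BadRequest as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    for q in (GOOD, REPEATED, MARKUP):
        print(classify(q))
```
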
Change History (2)
comment:1 Changed 2 years ago by jbenito
- Milestone changed from v1.8 to v1.9
comment:2 Changed 2 years ago by jbenito
- Description modified (diff)