Talk updated: Opening. Day 1
Andrew Shitov
andy at shitov.ru
Sun Jul 14 23:40:22 CEST 2013
Hi,
He reported that the user which is logged in can edit any talk by
substituting an ID to the talk edit page like that:
Insufficient Authorization (WASC-02):
http://act.yapc.eu/ye2013/edittalk?talk_id=4931
http://act.yapc.eu/ye2013/edittalk?talk_id=4932
I was not able to reproduce that but could somebody familiar with the
Act code please take a look at this?
Thank you.
On Sat, Jul 13, 2013 at 11:47 AM, Dirk De Nijs <ddn123456 at gmail.com> wrote:
> Let's learn from this!
>
> Op 13-jul.-2013 om 11:27 heeft Thomas Klausner <domm at cpan.org> het volgende geschreven:
>
>> Hi!
>>
>> On Sat, Jul 13, 2013 at 11:21:36AM +0400, Andrew Shitov wrote:
>>
>>> +P.S.
>>> +
>>> +Don't forget to visit my talk "Security of Perl and web applications".
>>
>> wow, that's good avertising :-)
>>
>>
>>
>> --
>> #!/usr/bin/perl http://domm.plix.at
>> for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}
>> _______________________________________________
>> Act mailing list
>> Act at mongueurs.net
>> http://listes.mongueurs.net/mailman/listinfo/act
> _______________________________________________
> Act mailing list
> Act at mongueurs.net
> http://listes.mongueurs.net/mailman/listinfo/act
--
Andrew Shitov
______________________________________________________________________
andy at shitov.ru | http://shitov.ru
More information about the Act
mailing list