Talk updated: Opening. Day 1

Andrew Shitov andy at shitov.ru
Sun Jul 14 23:40:22 CEST 2013


Hi,

He reported that a user who is logged in can edit any talk by
substituting an ID into the talk edit page, like this:

Insufficient Authorization (WASC-02):
http://act.yapc.eu/ye2013/edittalk?talk_id=4931
http://act.yapc.eu/ye2013/edittalk?talk_id=4932

I was not able to reproduce that but could somebody familiar with the
Act code please take a look at this?

Thank you.



On Sat, Jul 13, 2013 at 11:47 AM, Dirk De Nijs <ddn123456 at gmail.com> wrote:
> Let's learn from this!
>
> On 13 Jul 2013, at 11:27, Thomas Klausner <domm at cpan.org> wrote:
>
>> Hi!
>>
>> On Sat, Jul 13, 2013 at 11:21:36AM +0400, Andrew Shitov wrote:
>>
>>> +P.S.
>>> +
>>> +Don't forget to visit my talk "Security of Perl and web applications".
>>
>> wow, that's good advertising :-)
>>
>>
>>
>> --
>> #!/usr/bin/perl                              http://domm.plix.at
>> for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}
>> _______________________________________________
>> Act mailing list
>> Act at mongueurs.net
>> http://listes.mongueurs.net/mailman/listinfo/act



-- 
Andrew Shitov
______________________________________________________________________
andy at shitov.ru | http://shitov.ru

