Talk updated: Opening. Day 1

Anton Berezin tobez at tobez.org
Mon Jul 15 00:40:28 CEST 2013


I was able to reproduce it.

On Sun, Jul 14, 2013 at 11:40:22PM +0200, Andrew Shitov wrote:
> Hi,
> 
> He reported that a user who is logged in can edit any talk by
> substituting an ID in the talk edit page like this:
> 
> Insufficient Authorization (WASC-02):
> http://act.yapc.eu/ye2013/edittalk?talk_id=4931
> http://act.yapc.eu/ye2013/edittalk?talk_id=4932
> 
> I was not able to reproduce that but could somebody familiar with the
> Act code please take a look at this?
> 
> Thank you.
> 
> 
> 
> On Sat, Jul 13, 2013 at 11:47 AM, Dirk De Nijs <ddn123456 at gmail.com> wrote:
> > Let's learn from this!
> >
> > On 13 Jul 2013, at 11:27, Thomas Klausner <domm at cpan.org> wrote:
> >
> >> Hi!
> >>
> >> On Sat, Jul 13, 2013 at 11:21:36AM +0400, Andrew Shitov wrote:
> >>
> >>> +P.S.
> >>> +
> >>> +Don't forget to visit my talk "Security of Perl and web applications".
> >>
> >> wow, that's good advertising :-)
> >>
> >>
> >>
> >> --
> >> #!/usr/bin/perl                              http://domm.plix.at
> >> for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}
> >> _______________________________________________
> >> Act mailing list
> >> Act at mongueurs.net
> >> http://listes.mongueurs.net/mailman/listinfo/act
> 
> 
> 
> -- 
> Andrew Shitov
> ______________________________________________________________________
> andy at shitov.ru | http://shitov.ru

-- 
Our society can survive even a large amount of irrational regulation.
  -- John McCarthy
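
The report quoted above (WASC-02: a logged-in user editing someone else's talk by changing talk_id) comes down to a handler that checks authentication but not ownership of the object. The sketch below is an added example, not part of this thread and not Act's code; the data model, the function names and the "talks_admin" right are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    pass

@dataclass
class User:
    user_id: int
    rights: set = field(default_factory=set)  # "talks_admin" is a hypothetical right name

@dataclass
class Talk:
    talk_id: int
    owner_id: int
    title: str

def make_store():
    # Constructed data: ids taken from the two reported URLs, owners and titles invented.
    return {4931: Talk(4931, 10, "Talk A"), 4932: Talk(4932, 11, "Talk B")}

def edit_talk_vulnerable(store, user, talk_id, new_title):
    # Flaw as reported: authentication is checked, ownership of talk_id is not.
    if user is None:
        raise Forbidden("login required")
    talk = store[talk_id]
    talk.title = new_title
    return talk

def may_edit(user, talk):
    # Authorization is decided per object: the owner, or a user holding the admin right.
    if user is None:
        return False
    return talk.owner_id == user.user_id or "talks_admin" in user.rights

def edit_talk_checked(store, user, talk_id, new_title):
    talk = store.get(talk_id)
    # Same refusal for unknown and foreign ids, so responses do not reveal which ids exist.
    if talk is None or not may_edit(user, talk):
        raise Forbidden("not allowed to edit this talk")
    talk.title = new_title
    return talk
```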

