SECUREDROP = 0.3 – Possible Backdoor and Privileges Escalation by Unauth User
5 points by jmedwards about 10 years ago | 1 comment

fabulist about 10 years ago
Relevant portion of the rant:

    File /securedrop/journalist.py, lines 125-128, missing @admin_required decorator
    125 @app.route('/admin/add', methods=('GET', 'POST'))
    126 def admin_add_user():
    127     # TODO: process form submission
    128     return render_template("admin_add_user.html")

Ouch!
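Added example, not part of the thread or of SecureDrop's code: a static check for the kind of gap quoted above. It flags Flask routes under `/admin` that lack `@admin_required`, or that list it above `@app.route`, where it does not wrap the view Flask registers. The sample source is constructed; `admin_delete_user` and `admin_index` are hypothetical.

```python
import ast

# Constructed sample: the first route mirrors the quoted snippet; the other
# two (admin_delete_user, admin_index) are hypothetical, added for contrast.
SAMPLE = '''
@app.route('/admin/add', methods=('GET', 'POST'))
def admin_add_user():
    return render_template("admin_add_user.html")

@admin_required
@app.route('/admin/delete')
def admin_delete_user():
    return "deleted"

@app.route('/admin')
@admin_required
def admin_index():
    return render_template("admin.html")
'''

def _name(dec):
    """Bare name of a decorator written as @x, @x(...), @a.x or @a.x(...)."""
    node = dec.func if isinstance(dec, ast.Call) else dec
    return getattr(node, "attr", None) or getattr(node, "id", None)

def _route_path(dec):
    """Literal path of an @<obj>.route('<path>', ...) decorator, else None."""
    if isinstance(dec, ast.Call) and _name(dec) == "route" and dec.args:
        arg = dec.args[0]
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            return arg.value
    return None

def unguarded_admin_routes(source, prefix="/admin", guard="admin_required"):
    """Return (function, path) for routes under prefix not wrapped by guard."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        decs = node.decorator_list
        for i, dec in enumerate(decs):
            path = _route_path(dec)
            if path is None or not (path == prefix or path.startswith(prefix + "/")):
                continue
            # Only decorators listed below @route wrap the view that is registered.
            if guard not in {_name(d) for d in decs[i + 1:]}:
                findings.append((node.name, path))
    return findings
```

Run over a source tree in CI, a non-empty result from `unguarded_admin_routes` is a reason to fail the build; routes whose path is not a string literal are not covered by this check.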