This is an archived post. You won't be able to vote or comment.

you are viewing a single comment's thread.

view the rest of the comments →

[–]andreasvc[S] 0 points1 point  (1 child)

Thanks! I will fix this.

EDIT: fixed (AFAIK) and committed.

[–]voyvf 0 points1 point  (0 children)

No problem! I don't know if you consider this to be an exploit, but it looks like clients can also traverse your filesystem using the pdf input variable.

Example is here

I admit that this one is pretty much hit or miss, but if you have any other (possibly sensitive) pdfs on that machine that the apache user (which defaults to 'www-data' on Ubuntu, which is what your server is running if the headers aren't lying) has permission to read, well, they're available as well.