SecurityReporter目录遍历及绕过认证漏洞

BUGTRAQ ID: 25027 SecurityReporter是Sidewinder安全设备的安全事件分析和报表解决方案。 SecurityReporter的file.cgi文件允许用户绕过认证： 8 $name = $field'name'; 9 10 for gif images we dont care about authorization so just serve it without 11 bothering the reporting engine again. See bug: 3676 for details. 12 $dontvalidate = "false...