[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 73928] New: Strange behaviour when typing the "$" string in
From:       dabfus <kde () dabfus ! net>
Date:       2004-01-31 23:05:24
Message-ID: 20040131230524.12270.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
      
http://bugs.kde.org/show_bug.cgi?id=73928      
           Summary: Strange behaviour when typing the "$" string in the
                    location bar
           Product: konqueror
           Version: unspecified
          Platform: Debian stable
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
        AssignedTo: konq-bugs@kde.org
        ReportedBy: kde@dabfus.net


Version:            (using KDE KDE 3.1.4)
Installed from:    Debian stable Packages
OS:          Linux

When typing a "$" character in the location bar of konqueror, many env or others \
variables appears. For example, just type "$" in the location bar (URL bar), and then \
konqueror propose to you theses "URLs" : $SSH_AGENT_PID
$SSH_AUTH_SOCK
$SHELL
$USER
etc ...

And if you click one of them, konqueror will try to go to the URL, but of course the \
value of the variable will be something wrong, as for example a path to a file

Is the value of theses variables can be "get" by using a cross site scripting attack, \
as they may contains important datas ?

dabfus.


[prev in list] [next in list] [prev in thread] [next in thread]