system.api.list should not leak PHP functions used for method execution #8574

Closed
hypeJunction opened this Issue Jun 23, 2015 · 3 comments

Comments

Projects
None yet
3 participants
@hypeJunction
Contributor

hypeJunction commented Jun 23, 2015

system.api.list WS method should not expose internal function names

@mrclay

This comment has been minimized.

Show comment
Hide comment
@mrclay

mrclay Jun 23, 2015

Member

Is this just extraneous info output in the response? SGTM.

Member

mrclay commented Jun 23, 2015

Is this just extraneous info output in the response? SGTM.

@juho-jaakkola

This comment has been minimized.

Show comment
Hide comment
@juho-jaakkola

juho-jaakkola Jun 27, 2015

Member

What exactly is being exposed?

Member

juho-jaakkola commented Jun 27, 2015

What exactly is being exposed?

@hypeJunction

This comment has been minimized.

Show comment
Hide comment
@hypeJunction

hypeJunction Jun 27, 2015

Contributor

The name of the php function used. With all the parameters specified, I am
afraid this can be used as an attack vector.
On Jun 27, 2015 1:59 PM, "Juho Jaakkola" notifications@github.com wrote:

What exactly is being exposed?


Reply to this email directly or view it on GitHub
#8574 (comment).

Contributor

hypeJunction commented Jun 27, 2015

The name of the php function used. With all the parameters specified, I am
afraid this can be used as an attack vector.
On Jun 27, 2015 1:59 PM, "Juho Jaakkola" notifications@github.com wrote:

What exactly is being exposed?


Reply to this email directly or view it on GitHub
#8574 (comment).

@hypeJunction hypeJunction changed the title from system.api.list should not expose internals to system.api.list should not leak PHP functions used for method execution Jun 27, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment