Re: Fairly serious vulnerability in vBulletin 2.2.0
From: Sam Sargeant (sam@whackass.com)
Date: 01/31/02
Date: Fri, 1 Feb 2002 11:23:18 +1300
From: Sam Sargeant <sam@whackass.com>
To: HarryM <harrym@the-group.org>
On Thu, Jan 31, 2002 at 04:18:23AM -0000, HarryM wrote:
> Solution:
> Ensure that $bbuserid, $bbpassword, and the rest of the cookied variables
> are coming from the cookie and not from GET or POST data, by using the
> $HTTP_COOKIE array.
Unfortunately, this is nothing more than a workaround too. It's trivial to
create your own cookie jar with the appropriate data.
--
Sam Sargeant <sam@whackass.com>
"The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts." - Bertrand Russell
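Added example, not part of the original message and not vBulletin code: a sketch in current PHP (7.1 or later) of the point made in this exchange, that checking which array a value arrived in says nothing about who chose it, set beside a check that resolves identity from a server-side record. The `session` cookie name, the function names and the in-memory store are assumptions made for illustration; the cookie arrays are constructed sample input passed as parameters so the script runs from the command line.

```php
<?php
// Added example; every name except bbuserid and bbpassword is hypothetical.

// Issue an unguessable token and keep only its hash on the server.
function issue_session(array &$store, int $userId, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));
    $store[hash('sha256', $token)] = ['user' => $userId, 'expires' => time() + $ttl];
    return $token;
}

// Source-only check: the value must arrive in the cookie array.
// This records which channel carried the value, not who chose it.
function user_from_cookie_source(array $cookie): ?int
{
    return isset($cookie['bbuserid']) ? (int) $cookie['bbuserid'] : null;
}

// Server-verified check: the cookie is only a lookup key. Identity comes
// from the server's own record, so a client-built cookie resolves to nothing.
function user_from_session(array $cookie, array $store, ?int $now = null): ?int
{
    $token = $cookie['session'] ?? '';
    if (!is_string($token) || $token === '') {
        return null;
    }
    $record = $store[hash('sha256', $token)] ?? null;
    if ($record === null || $record['expires'] <= ($now ?? time())) {
        return null;
    }
    return $record['user'];
}

$store = [];
$issued = issue_session($store, 42);

// Constructed requests: one cookie array written entirely by the client,
// one carrying the token the server issued above.
$clientBuilt = ['bbuserid' => '1', 'bbpassword' => 'anything', 'session' => str_repeat('0', 64)];
$serverIssued = ['session' => $issued];

// Source-only check on the client-built cookie, then the server-verified
// check on the client-built cookie, the issued token, and the token after expiry.
var_dump(user_from_cookie_source($clientBuilt));
var_dump(user_from_session($clientBuilt, $store));
var_dump(user_from_session($serverIssued, $store));
var_dump(user_from_session($serverIssued, $store, time() + 7200));
```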