Re: Serious holes affecting JFFNMS
- From: not@xxxxxxxxxxxxxxxx
- Date: 5 Jul 2007 11:48:36 -0000
Per the following comments...
"Finally, the auth.php PHP script also includes the following code:
if (($jffnms_version=="0.0.0") && ($_SERVER["REMOTE_ADDR"]=="128.30.52.13")) {
which could be considered a backdoor although it does not appear to be
exploitable in a typical installation."
...it should be noted that 128.30.52.13 is likely the source IP address of the W3.ORG validator. So perhaps the PHP code intends to behave differently during a W3.ORG validation test.