<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: Re: phpBB 2.0.8a and lower - IP spoofing vulnerability

Re: phpBB 2.0.8a and lower - IP spoofing vulnerability

From: 3APA3A <3APA3A_at_SECURITY.NNOV.RU>
Date: Tue, 20 Apr 2004 16:15:48 +0400

Dear Ready Response,

--Monday, April 19, 2004, 4:01:29 AM, you wrote to bugtraq_at_securityfocus.com:

RR> the users IP address in the common.php script. This issue is caused
RR> by blind trust of the X-Forwarded-For HTTP header. A remote attacker

This issue is very common for different BBs (for example Iconboard has
same problem), in addition to IP spoofing it's usually possible to cause
crossite scripting by inserting script into forgery X-Forwarded-For
header.

-- 
~/ZARAZA
Но ведь кому угодно могут прийти в голову яйца, пятки и епископы. (Лем)

Received on Apr 20 2004

This message: [ Message body ]
Next message: David Wilson: "Re: ZA Security Hole"
Previous message: Sami POTIRCA: "Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure"
In reply to: Ready Response: "phpBB 2.0.8a and lower - IP spoofing vulnerability"
Next in thread: Xin LI: "Re: phpBB 2.0.8a and lower - IP spoofing vulnerability"
Reply: Xin LI: "Re: phpBB 2.0.8a and lower - IP spoofing vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]