mailing list archives
Re: PHPXMAIL - Authentication Bypass
From: security () surefoot com
Date: Wed, 6 Jul 2005 14:04:10 -0600
On Wednesday 06 July 2005 11:57, Steve <St> wrote:
Author: Stefan Lochbihler
Date: 6. Juli 2005
Affected Software: PHPXMAIL
Software Version: 0.7 -> 1.1
Software URL: http://phpxmail.sourceforge.net/
Attack: Authentication Bypass
The problem occurs when we try to log in with an overlong password
because we get no response message from the server and the function dont
Now when we login with a username like postmaster () localhost and an
we bypass the error handler and successfully log in.
Solution: Maybe insert a maxsize tag to the passwords input field.
Discovered by Steve
Erm... a maxsize tag will not prevent the attack at all.
There is no such thing as fortune. Try again.