Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Serious holes affecting JFFNMS
From: not () themoment thanks
Date: 5 Jul 2007 11:48:36 -0000
Per the following comments...

"Finally, the auth.php PHP script also includes the following code:

if (($jffnms_version=="0.0.0") && ($_SERVER["REMOTE_ADDR"]=="128.30.52.13")) {

which could be considered a backdoor althought it does not appear to be
exploitable in a typical installation."

...it should be noted that 128.30.52.13 is likely the source IP address of the W3.ORG validator.  So perhaps the PHP 
code intends to behave differently during a W3.ORG validation test.

  By Date           By Thread  

Current thread:
  • Re: Serious holes affecting JFFNMS not (Jul 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]