Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
From: Nicob <nicob () nicob net>
Date: Thu, 27 Oct 2005 16:30:31 +0200

Le jeudi 27 octobre 2005 à 08:54 -0500, Tatercrispies a écrit :

And I really don't see how this could ever be used to execute
server-side script unless for some bizarre reason you had your
webserver so completely misconfigured as to be beyond imagination. Why
would you be parsing image files through the PHP interpreter.

Please look at http://shsc.info/FileUploadSecurity#titelanker5 ...
And yes, it happens in real life scenarios !


Nicob

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]