mailing list archives
Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
From: Paul Laudanski <zx () castlecops com>
Date: Sat, 29 Oct 2005 18:10:46 -0400 (EDT)
On Thu, 27 Oct 2005, Nicob wrote:
Le mardi 25 octobre 2005 à 17:02 -0400, Paul Laudanski a écrit :
Anyone have other ideas on this? I've already implemented some code
to validate file input and its working. But is this the right
I'm not sure to understand what you're talking about but if you're
trying to positively validate that file XYZ is an image and not a PHP
file, you're asking for trouble :
$> wget http://nicob.net/mirrors/blowjob.jpg
I'm not contesting your reply, I agree with it an mentioned it earlier.
Remote validation is a problem. So then validation should be done locally
(attach the image locally).
Paul Laudanski, Microsoft MVP Windows-Security
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Nicob (Oct 27)
Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Paul Laudanski (Oct 29)
- phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., (continued)