Bugtraq mailing list archives
Re: Fairly serious vulnerability in vBulletin 2.2.0
From: Sam Sargeant <sam () whackass com>
Date: Fri, 1 Feb 2002 11:23:18 +1300
On Thu, Jan 31, 2002 at 04:18:23AM -0000, HarryM wrote:
> Solution: Ensure that $bbuserid, $bbpassword, and the rest of the cookied variables are coming from the cookie and not from GET or POST data, by using the $HTTP_COOKIE array.
Unfortunately, this is nothing more than a workaround too. It's trivial to create your own cookie jar with the appropriate data.

--
Sam Sargeant <sam () whackass com>
------------------------------------------------------------------------
"The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts." - Bertrand Russell
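The two points made in this exchange, combined in an added example that is not part of either post and is not vBulletin's code: the values are read only from the cookie array, and are then still treated as client-supplied input and checked against a server-side record. The function names, the `$lookup_hash` callback and the 32-hex-character digest format are assumptions made for illustration.

```php
<?php
// Added example; helper names and the stored-digest lookup are hypothetical.

/**
 * Return the login cookies as validated values, or null if absent/malformed.
 * Only the cookie array is consulted, so a same-named GET or POST parameter
 * can never populate these values.
 */
function read_login_cookies(array $cookies): ?array
{
    $id   = $cookies['bbuserid']   ?? null;
    $hash = $cookies['bbpassword'] ?? null;

    // Cookie values are still chosen by the client: enforce type and format.
    if (!is_string($id) || !ctype_digit($id) || strlen($id) > 10) {
        return null;
    }
    // Assumption: the cookie carries a 32-character lowercase hex digest.
    if (!is_string($hash) || !preg_match('/\A[0-9a-f]{32}\z/', $hash)) {
        return null;
    }
    return ['userid' => (int) $id, 'hash' => $hash];
}

/**
 * Return the authenticated user id, or null.
 * $lookup_hash is a hypothetical callback that returns the digest stored
 * server-side for a user id (or null if the user does not exist).
 */
function cookie_login(array $cookies, callable $lookup_hash): ?int
{
    $c = read_login_cookies($cookies);
    if ($c === null) {
        return null;
    }
    $stored = $lookup_hash($c['userid']);
    // Constant-time comparison against the server-side record.
    if (!is_string($stored) || !hash_equals($stored, $c['hash'])) {
        return null;
    }
    return $c['userid'];
}

// Constructed sample data: one user record and three cookie sets.
$db     = [7 => str_repeat('ab', 16)];
$lookup = fn(int $id) => $db[$id] ?? null;

var_dump(cookie_login(['bbuserid' => '7', 'bbpassword' => str_repeat('ab', 16)], $lookup));
var_dump(cookie_login(['bbuserid' => 'abc', 'bbpassword' => 'x'], $lookup));
var_dump(cookie_login(['bbuserid' => ['7'], 'bbpassword' => str_repeat('ab', 16)], $lookup));
```

In a request handler the first argument would be `$_COOKIE`, the current form of the cookie array the quoted post refers to.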
Current thread:
- Fairly serious vulnerability in vBulletin 2.2.0 HarryM (Jan 31)
- Re: Fairly serious vulnerability in vBulletin 2.2.0 Sam Sargeant (Jan 31)