Re: Fairly serious vulnerability in vBulletin 2.2.0

[Sam Sargeant <sam () whackass com>]

On Thu, Jan 31, 2002 at 04:18:23AM -0000, HarryM wrote:

> Solution:
> Ensure that $bbuserid, $bbpassword, and the rest of the cookied variables
> are coming from the cookie and not from GET or POST data, by using the
> $HTTP_COOKIE array.

Unfortunately, this is nothing more than a workaround too. It's trivial to
create your own cookie jar with the appropriate data.

-- 
Sam Sargeant <sam () whackass com> 
------------------------------------------------------------------------
 "The whole problem with the world is that fools and fanatics are
  always so certain of themselves, and wiser people so full of doubts."
                                              - Bertrand Russell

Attachment: _bin
Description: