Bugtraq mailing list archives
Re: Security problems with TWIG webmail system
From: João Gouveia <cercthar () TELEWEB PT>
Date: Wed, 29 Nov 2000 19:20:20 -0000
Hi , (snip)
Another option... in index.php3, replace the line: if( $vhosts[$SERVER_NAME] ) with: if( $vhosts[$SERVER_NAME] && !isset($HTTP_GET_VARS[vhosts]) ) This essentially checks to make sure that the vhosts element was defined locally (in config/config.inc.php3), not in the URL.
I think that's not a eficient fix. That or I'm seeing strange things. Try this: index.php3?HTTP_GET_VARS=&vhosts[twig.server.tld]=test Best regards, Joao Gouveia aka Tharbad
Current thread:
- Re: Security problems with TWIG webmail system Glover, Mike (Dec 01)
- <Possible follow-ups>
- Re: Security problems with TWIG webmail system João Gouveia (Dec 01)
- Re: Security problems with TWIG webmail system Shaun Clowes (Dec 01)
- Re: Security problems with TWIG webmail system João Gouveia (Dec 01)
- Re: Security problems with TWIG webmail system Shaun Clowes (Dec 02)
- Re: Security problems with TWIG webmail system Rasmus Lerdorf (Dec 02)