Bugtraq mailing list archives
Re: phpBB 2.0.8a and lower - IP spoofing vulnerability
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 20 Apr 2004 16:15:48 +0400
Dear Ready Response,

--Monday, April 19, 2004, 4:01:29 AM, you wrote to bugtraq () securityfocus com:

RR> the users IP address in the common.php script. This issue is caused
RR> by blind trust of the X-Forwarded-For HTTP header. A remote attacker

This issue is very common for different BBs (for example, Iconboard has the same problem); in addition to IP spoofing, it's usually possible to cause cross-site scripting by inserting script into a forged X-Forwarded-For header.

--
~/ZARAZA
But eggs, heels and bishops could occur to anyone. (Lem)
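The two problems raised in this message, a spoofed address and script carried in the X-Forwarded-For header, can both be closed where the board resolves the client IP. The following is an added example, not part of the original post and not phpBB or Iconboard code; the helper names `client_ip` and `render_ip`, the `TRUSTED_PROXIES` list and all addresses are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not phpBB code.
// Assumption: the site's own reverse proxies are listed here (constructed address).
const TRUSTED_PROXIES = ['192.0.2.10'];

/**
 * Resolve the client IP. X-Forwarded-For is client-controlled, so it is
 * consulted only when the TCP peer is one of our proxies, and every
 * candidate must parse as an IP address.
 */
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0';
    }
    if (!in_array($peer, TRUSTED_PROXIES, true) || !isset($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    // Walk the list right to left: the right-most entries were appended by
    // our proxies, anything further left was supplied by the client.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed value (e.g. markup in the header): ignore the header
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Escape on output as well, in case an old unvalidated value is already stored.
function render_ip(string $ip): string
{
    return htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
}

// Constructed requests: a direct client sending markup in the header, and a proxied one.
$forged  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '<b>not an ip</b>'];
$proxied = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.4'];
echo render_ip(client_ip($forged)), "\n";  // header ignored: peer is not a trusted proxy
echo render_ip(client_ip($proxied)), "\n"; // forwarded address taken from our proxy
```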
Current thread:
- phpBB 2.0.8a and lower - IP spoofing vulnerability Ready Response (Apr 19)
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Shaun Colley (Apr 19)
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability 3APA3A (Apr 20)
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Xin LI (Apr 21)
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability BlueRaven (Apr 28)
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Xin LI (Apr 29)
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Xin LI (Apr 21)