Full Disclosure mailing list archives
Re: Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
From: Nicob <nicob () nicob net>
Date: Thu, 27 Oct 2005 16:30:31 +0200
On Thursday 27 October 2005 at 08:54 -0500, Tatercrispies wrote:
> And I really don't see how this could ever be used to execute server-side script unless for some bizarre reason you had your webserver so completely misconfigured as to be beyond imagination. Why would you be parsing image files through the PHP interpreter?
Please look at http://shsc.info/FileUploadSecurity#titelanker5 ... And yes, it happens in real life scenarios!

Nicob
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/