Gotcha!

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Gotcha!

Post by VladSun »

A "small" information leak bug exploited here - get your PHPDN personal PHP-interests profile at

http://89.25.38.147/vladsun/profiler.php

;)

I think it's not going to be fixed soon...

( Thanks gat3way )
There are 10 types of people in this world, those who understand binary and those who don't
SvanteH
Forum Commoner
Posts: 50
Joined: Wed Jul 08, 2009 12:25 am

Re: Gotcha!

Post by SvanteH »

From what data does it base this on? Sounds like a cURL operation and regex alone can fix this. :p
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Gotcha!

Post by VladSun »

SvanteH wrote: From what data does it base this on?
As I said -
A "small" information leak bug
I don't want to give more details.
SvanteH wrote: Sounds like a cURL operation and regex alone can fix this. :p
I don't think so :P
There are 10 types of people in this world, those who understand binary and those who don't
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Gotcha!

Post by matthijs »

What should I see there? I get an empty page.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Gotcha!

Post by Weirdan »

Doesn't work for me. And since it concerns our forums, could you disclose the details via pm maybe?
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Gotcha!

Post by VladSun »

Weirdan wrote: Doesn't work for me. And since it concerns our forums, could you disclose the details via pm maybe?
It's not PHPDN specific in any way :)
It only targets it.

You have a PM.
There are 10 types of people in this world, those who understand binary and those who don't
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Gotcha!

Post by Weirdan »

Yeah, that's the leak I suspected... frankly, it's been known for a long time already.
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Gotcha!

Post by VladSun »

Weirdan wrote: Yeah, that's the leak I suspected... frankly, it's been known for a long time already.
Yes, but it's like its fix has been abandoned by the developers...
There are 10 types of people in this world, those who understand binary and those who don't
SvanteH
Forum Commoner
Posts: 50
Joined: Wed Jul 08, 2009 12:25 am

Re: Gotcha!

Post by SvanteH »

Cookies? Session hijacking? Tell me more :D
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Gotcha!

Post by kaisellgren »

My favorite information leakage is probably the one which allows anyone to see posts in a moderator-only forum. Information leakages are probably least often fixed. Take this as an example: http://making-the-web.com/misc/sites-you-visit/