Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Moderator: General Moderators
VladSun
DevNet Master
Posts: 4313 Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria
by VladSun » Wed Jul 08, 2009 5:01 am
A "small" information leak bug exploited here - get your PHPDN personal PHP-interests profile at
http://89.25.38.147/vladsun/profiler.php
I think it's not going to be fixed soon...
(Thanks, gat3way)
There are 10 types of people in this world, those who understand binary and those who don't
SvanteH
Forum Commoner
Posts: 50 Joined: Wed Jul 08, 2009 12:25 am
by SvanteH » Wed Jul 08, 2009 5:15 am
From what data does it base this on? Sounds like a cURL operation and regex alone can fix this. :p
by VladSun » Wed Jul 08, 2009 5:22 am
SvanteH wrote: From what data does it base this on?
As I said -
A "small" information leak bug
I don't want to give more details.
SvanteH wrote: Sounds like a cURL operation and regex alone can fix this. :p
I don't think so
matthijs
DevNet Master
Posts: 3360 Joined: Thu Oct 06, 2005 3:57 pm
by matthijs » Wed Jul 08, 2009 5:24 am
What should I see there? I get an empty page.
Weirdan
Moderator
Posts: 5978 Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine
by Weirdan » Wed Jul 08, 2009 5:27 am
Doesn't work for me. And since it concerns our forums, could you disclose the details via pm maybe?
by VladSun » Wed Jul 08, 2009 5:33 am
Weirdan wrote: Doesn't work for me. And since it concerns our forums, could you disclose the details via pm maybe?
It's not PHPDN specific in any way
It only targets it.
You have a PM.
by Weirdan » Wed Jul 08, 2009 6:09 am
Yeah, that's the leak I suspected... frankly, it's been known for a long time already.
by VladSun » Wed Jul 08, 2009 6:12 am
Weirdan wrote: Yeah, that's the leak I suspected... frankly, it's been known for the long time already.
Yes, but it's like its fix is abandoned by the developers ...
by SvanteH » Wed Jul 08, 2009 7:05 am
Cookies? Session hijacking? Tell me more