Gotcha!

Posted: Wed Jul 08, 2009 5:01 am
by VladSun
A "small" information leak bug exploited here - get your PHPDN personal PHP-interests profile at

http://89.25.38.147/vladsun/profiler.php

;)

I think it's not going to be fixed soon...

( Thanks gat3way )

Re: Gotcha!

Posted: Wed Jul 08, 2009 5:15 am
by SvanteH
What data does it base this on? Sounds like a cURL operation and regex alone can fix this. :p

Re: Gotcha!

Posted: Wed Jul 08, 2009 5:22 am
by VladSun
SvanteH wrote: From what data does it base this on?
As I said -
A "small" information leak bug
I don't want to give more details.
SvanteH wrote: Sounds like a cURL operation and regex alone can fix this. :p
I don't think so :P

Re: Gotcha!

Posted: Wed Jul 08, 2009 5:24 am
by matthijs
What should I see there? I get an empty page.

Re: Gotcha!

Posted: Wed Jul 08, 2009 5:27 am
by Weirdan
Doesn't work for me. And since it concerns our forums, could you disclose the details via pm maybe?

Re: Gotcha!

Posted: Wed Jul 08, 2009 5:33 am
by VladSun
Weirdan wrote: Doesn't work for me. And since it concerns our forums, could you disclose the details via pm maybe?
It's not PHPDN specific in any way :)
It only targets it.

You have a PM.

Re: Gotcha!

Posted: Wed Jul 08, 2009 6:09 am
by Weirdan
Yeah, that's the leak I suspected... frankly, it's been known for a long time already.

Re: Gotcha!

Posted: Wed Jul 08, 2009 6:12 am
by VladSun
Weirdan wrote: Yeah, that's the leak I suspected... frankly, it's been known for the long time already.
Yes, but it's like its fix is abandoned by the developers ...

Re: Gotcha!

Posted: Wed Jul 08, 2009 7:05 am
by SvanteH
Cookies? Session hijacking? Tell me more :D

Re: Gotcha!

Posted: Wed Jul 08, 2009 7:47 am
by kaisellgren
My favorite information leakage is probably the one which allows anyone to see posts in a moderator-only forum. Information leakages are probably the least often fixed. Take this as an example: http://making-the-web.com/misc/sites-you-visit/