Gotcha!
Posted: Wed Jul 08, 2009 5:01 am
by VladSun
A "small" information leak bug exploited here - get your PHPDN personal PHP-interests profile at
http://89.25.38.147/vladsun/profiler.php
I think it's not going to be fixed soon...
(Thanks gat3way)
Re: Gotcha!
Posted: Wed Jul 08, 2009 5:15 am
by SvanteH
From what data does it base this on? Sounds like a cURL operation and regex alone can fix this. :p
Re: Gotcha!
Posted: Wed Jul 08, 2009 5:22 am
by VladSun
SvanteH wrote: From what data does it base this on?
As I said - A "small" information leak bug
I don't want to give more details.
SvanteH wrote: Sounds like a cURL operation and regex alone can fix this. :p
I don't think so

Re: Gotcha!
Posted: Wed Jul 08, 2009 5:24 am
by matthijs
What should I see there? I get an empty page.
Re: Gotcha!
Posted: Wed Jul 08, 2009 5:27 am
by Weirdan
Doesn't work for me. And since it concerns our forums, could you disclose the details via pm maybe?
Re: Gotcha!
Posted: Wed Jul 08, 2009 5:33 am
by VladSun
Weirdan wrote: Doesn't work for me. And since it concerns our forums, could you disclose the details via pm maybe?
It's not PHPDN specific in any way

It only targets it.
You have a PM.
Re: Gotcha!
Posted: Wed Jul 08, 2009 6:09 am
by Weirdan
Yeah, that's the leak I suspected... frankly, it's been known for a long time already.
Re: Gotcha!
Posted: Wed Jul 08, 2009 6:12 am
by VladSun
Weirdan wrote: Yeah, that's the leak I suspected... frankly, it's been known for a long time already.
Yes, but it's like its fix is abandoned by the developers ...
Re: Gotcha!
Posted: Wed Jul 08, 2009 7:05 am
by SvanteH
Cookies? Session hijacking? Tell me more

Re: Gotcha!
Posted: Wed Jul 08, 2009 7:47 am
by kaisellgren
My favorite information leakage is probably the one which allows anyone to see posts in a moderator-only forum. Information leakages are probably least often fixed. Take this as an example:
http://making-the-web.com/misc/sites-you-visit/