[23235] in bugtraq

more information about Phpnuke issue, postnuke vulnerable too !

daemon@ATHENA.MIT.EDU (Cabezon Aurélien)
Fri Nov 23 18:08:25 2001

Message-ID: <00f201c173a8$b59782b0$1439fdc1@London>
From: =?iso-8859-1?Q?Cabezon_Aur=E9lien?= <aurelien.cabezon@isecurelabs.com>
To: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>,
        <staff@securiteam.com>
Date: Thu, 22 Nov 2001 23:54:54 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Hi list and phpnuke admins!

As you now know, according to the little advisory/demonstration
http://www.isecurelabs.com/article.php?sid=230 I wrote yesterday, phpnuke
stores the Base64 encoded admin password in a cookie that can be stolen.
Know that postnuke 0.6.4 is also vulnerable because postnuke stores the base64
encoded admin password in a cookie.

regards,

---
Cabezon Aurélien | aurelien.cabezon@isecurelabs.com
http://www.iSecureLabs.com | French Security Portal


____________________________________________
" Know that today is the most beautiful day of your life,
because it is the first of those you have left to live "
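
Added example, not part of the original message and not PHP-Nuke or PostNuke code: a defender-side check that flags a cookie whose value base64-decodes to text containing a stored credential, next to an opaque server-side session token that carries no credential. The "user:password" cookie layout, the sample password and all names below are assumptions constructed for illustration.

```python
import base64, binascii, hashlib, secrets

# Constructed sample; the "user:password" layout is an assumption, not from the advisory.
STORED_PASSWORD = "S3cret-constructed"
WEAK_COOKIE = base64.b64encode(f"admin:{STORED_PASSWORD}".encode()).decode()

def decode_if_base64(value):
    """Return the decoded text if value is strict base64 of printable text, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return text if text and text.isprintable() else None

def audit_cookie(name, value, known_secrets):
    """Return a finding if the cookie exposes a stored credential, else None."""
    text = decode_if_base64(value)
    if text is None:
        return None
    if any(s and s in text for s in known_secrets):
        return f"{name}: base64 is an encoding, cookie exposes a stored credential"
    return None

class SessionStore:
    """Hardened design: the cookie holds a random id, the server holds the mapping."""
    def __init__(self):
        self._sessions = {}  # sha256(token) -> username; raw tokens are never stored

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, no credential inside
        self._sessions[self._key(token)] = username
        return token

    def lookup(self, token):
        return self._sessions.get(self._key(token))

    def revoke(self, token):
        # A stolen token can be invalidated without changing the password.
        self._sessions.pop(self._key(token), None)

if __name__ == "__main__":
    print(audit_cookie("admin", WEAK_COOKIE, [STORED_PASSWORD]))
    print(audit_cookie("admin", SessionStore().issue("admin"), [STORED_PASSWORD]))
```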
