[36683] in bugtraq
Re: HTTP Response Splitting and SQL injection in megabbs forum
daemon@ATHENA.MIT.EDU (PD9 Software)
Mon Sep 27 15:32:36 2004
Message-ID: <41570F8A.1020009@pd9soft.com>
Date: Sun, 26 Sep 2004 13:50:50 -0500
From: PD9 Software <info@pd9soft.com>
MIME-Version: 1.0
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
In-Reply-To: <S695131AbUIZR44/20040926175656Z+226533@mail.yandex.ru>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
pigrelax wrote:
>URL: http://www.pd9soft.com
>Tested megabbs 2.1
>
>1. HTTP Response Splitting
>2. HTTP Response Splitting
>3. More and more SQL injection:
>
All three issues have been addressed, and updates have been posted at
http://www.pd9soft.com/. Thank you for bringing them to my attention.
However in the future, would it be too much to ask that I am contacted
first? I am very eager to fix any security vulnerabilities, but sipping
coffee on a lazy Sunday afternoon and seeing this broadcast to a public
list is a little disconcerting.
Thanks,
Matt Summers
PD9 Software, Inc
