[37974] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: phpBB Worm

daemon@ATHENA.MIT.EDU (steve@uptime.org.uk)
Fri Dec 24 13:08:49 2004

Date: 24 Dec 2004 16:10:26 -0000
Message-ID: <20041224161026.27228.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <steve@uptime.org.uk>
To: bugtraq@securityfocus.com

In-Reply-To: <20041223125859.GE3029@schlund.de>

>This assumes you're seeing GET-requests, but there are other ways 
>(e.g. POST) to exploit such code.

Whilst I understand your point, it should be noted that this vulnerability in phpBB is susceptible only to GET-based attacks: the vulnerable data is sourced from $HTTP_GET_VARS.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[37974] in bugtraq

Re: phpBB Worm

daemon@ATHENA.MIT.EDU (steve@uptime.org.uk)Fri Dec 24 13:08:49 2004

daemon@ATHENA.MIT.EDU (steve@uptime.org.uk)
Fri Dec 24 13:08:49 2004