Re: Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below

From: Joao Gouveia (jgouveiaat_private)
Date: Fri Aug 10 2001 - 08:30:10 PDT

Next message: Richard M. Smith: "Can we afford full disclosure of security holes?"

Previous message: Derek Martin: "Re: Xerox N40 printers and Code Red worm"
In reply to: kill-9at_private: "Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This has been reported to phpBB staff on May 16, and forwared to Bugtraq by
me some days ago.


----- Original Message -----
From: <kill-9at_private>
To: <bugtraqat_private>
Sent: Friday, August 10, 2001 8:20 AM
Subject: Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and
below


> note to editors: please leave all links intact.
> ###########################################
> ########
> Easily and Remotely Pipe a Covert Shell on phpBB
> version 1.4.0 and below
>
> found and written by: kill-9at_private
> http://www.modernhacker.com
(...)
> Note: phpBB team has known about this vulnerability
> and failed to alert the public. Their acknoledgement is
> seen in the 1.4.1 source code comments.

See my other post.

> ###########################################
> ########
>

Regards,

Joao Gouveia
--------------

Next message: Richard M. Smith: "Can we afford full disclosure of security holes?"
Previous message: Derek Martin: "Re: Xerox N40 printers and Code Red worm"
In reply to: kill-9at_private: "Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 09:26:06 PDT