more information about Phpnuke issue, postnuke vulnerable too !

From: Cabezon Aurélien (aurelien.cabezonat_private)
Date: Thu Nov 22 2001 - 14:54:54 PST

Next message: NetBSD Security Officer: "NetBSD Security Advisory 2001-018 Remote Buffer Overflow Vulnerability in LPD"

Previous message: Thomas Biege: "SuSE Security Announcement: cyrus-sasl (SuSE-SA:2001:042)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi list and phpnuke admin !

As you know now, according to little advisory/demonstration
http://www.isecurelabs.com/article.php?sid=230 i wrote yesturday, phpnuke
store Base64 encoded admin password in a cookie that can be stolen.
Know that postnuke 0.6.4 is also vulnerable cause postnuke store base64
encoded admin password in a cookie.

regards,

---
Cabezon Aurélien | aurelien.cabezonat_private
http://www.iSecureLabs.com | French Security Portal


____________________________________________
" Sachez qu'aujourd'hui est le plus beau jour de votre vie,
car c'est le premier de ceux qu'il vous reste à vivre "

Next message: NetBSD Security Officer: "NetBSD Security Advisory 2001-018 Remote Buffer Overflow Vulnerability in LPD"
Previous message: Thomas Biege: "SuSE Security Announcement: cyrus-sasl (SuSE-SA:2001:042)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Nov 23 2001 - 15:07:39 PST