Re: e107 website system Vulnerability

From: Tjebbe de Winter (Tjebbe.deWinter_at_private)
Date: Fri Jul 25 2003 - 08:13:15 PDT

Next message: Denis Jedig: "Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"

Previous message: Kent Borg: "ssh host key generation in Red Hat Linux"
In reply to: nokio x0: "Re: e107 website system Vulnerability"
Next in thread: Steve Dunstan: "Re: e107 website system Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 24, 2003 at 03:30:43PM -0500, nokio x0 wrote:
> Heh, I every site that i've come across running the e107 portal seems to ask 
> for admin login before you could use this exploit...Are you sure all 
> versions are vulnerable? Doesn't even work on my own system without asking 
> for login.

See: http://e107.org/news.php

If you post the dump_sql variable with method POST, it'll work.

Regards,

---
 Tjebbe...

-------------------------------------------------------------------------------
Tjebbe de Winter    |      Cysonet  Managed  Hosting      |  tjebbe @ cysonet.com
tel. +31 20 4703339 |       Managing the buzzwords.       |  http://cyso.nl
-------------------------------------------------------------------------------

Next message: Denis Jedig: "Re: TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")"
Previous message: Kent Borg: "ssh host key generation in Red Hat Linux"
In reply to: nokio x0: "Re: e107 website system Vulnerability"
Next in thread: Steve Dunstan: "Re: e107 website system Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 25 2003 - 11:30:52 PDT