| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Re: tikiwiki 1.9.5 mysql password disclosure & xss |
| From: | drunken_chin@yahoo.com |
| Date: | 25 Nov 2006 00:05:54 -0000 |

Another method to trigger this same bug is to pass a value that's too long - tiki-wiki_rss.php?ver=-65535 can be negative or positive, the webapp pukes the same info. Also affects earlier versions (1.9.2 tested).