lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Oct 27 16:02:56 2005 From: nicob at nicob.net (Nicob) Subject: Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Le jeudi 27 octobre 2005 ? 08:54 -0500, Tatercrispies a ?crit : > And I really don't see how this could ever be used to execute > server-side script unless for some bizarre reason you had your > webserver so completely misconfigured as to be beyond imagination. Why > would you be parsing image files through the PHP interpreter. Please look at http://shsc.info/FileUploadSecurity#titelanker5 ... And yes, it happens in real life scenarios ! Nicob