Open Source and information security mailing list archives
 
Date: 25 Jan 2005 16:37:02 -0000
From: Harold Lines <hlines@...c.com>
To: bugtraq@...urityfocus.com
Subject: Re: ADVISORY: security hole (http response splitting) in snitz forums 2000


In-Reply-To: <20040916150024.04B7BE5BC9@...-2.us4.outblaze.com>

The bug fix was posted on the Snitz message boards on 20 September 2004:

http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791

"to fix this issue, simply remove the following line from down.asp (approx line 76)

if request.form("location") <> "" then response.redirect(request.form("location"))

it is not required."

Snitz Forums 2000 Version 3.4.05 was released on 29 September 2004 and incorporated the bug fix:

http://forum.snitz.com/forum/topic.asp?TOPIC_ID=54957

>Vendor status: vendor contacted several times (email to support@ and to the contact email in the code). No response from vendor.

Note on this page:

http://forum.snitz.com/support.asp

"Please do not send support requests by e-mail. Due to the huge increase in support requests we can't answer those anymore. But you'll notice that your question, if posted in the support forums, will be answered prompt."

There is a "DEV Bug Reports (Open)" forum on their discussion board:

http://forum.snitz.com/forum/forum.asp?FORUM_ID=11
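
An added example, not part of the original message and not Snitz code: a small Python check an administrator could run over ASP source to confirm that no `Response.Redirect` call still takes its target straight from request input, as the removed `down.asp` line did. The function names and the sample source are hypothetical, and the pattern goes beyond the quoted line to also cover `Request.QueryString` and the `Request("x")` shorthand.

```python
import re

# Response.Redirect whose argument is read straight from the request
# (Request.Form, Request.QueryString, or the Request("x") shorthand).
# VBScript is case-insensitive and the parentheses after Redirect are optional.
TAINTED_REDIRECT = re.compile(
    r"response\s*\.\s*redirect\s*\(?\s*"
    r"request\s*(?:\.\s*(?:form|querystring)\s*)?\(",
    re.IGNORECASE,
)

def strip_vbscript_comment(line):
    """Drop a trailing ' comment, honouring double-quoted string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def find_tainted_redirects(source):
    """Return (line_number, code) for each redirect fed directly by request input."""
    hits = []
    for number, raw in enumerate(source.splitlines(), start=1):
        code = strip_vbscript_comment(raw).strip()
        if code.lower().startswith("rem "):
            continue  # whole-line Rem comment
        if TAINTED_REDIRECT.search(code):
            hits.append((number, code))
    return hits

# Constructed sample: line 2 is the statement quoted in the message above,
# the other lines are made up for the demonstration.
SAMPLE_ASP = '''<%
if request.form("location") <> "" then response.redirect(request.form("location"))
' if request.form("location") <> "" then response.redirect(request.form("location"))
Response.Redirect "default.asp"
Response.Redirect Request.QueryString("target")
%>'''

if __name__ == "__main__":
    for number, code in find_tainted_redirects(SAMPLE_ASP):
        print(f"line {number}: {code}")
```

A hit means the redirect target is attacker-controlled and needs review; an empty result on `down.asp` is consistent with the fix having been applied.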

