 

PHP-Nuke mail CRLF Injection vulnerabilities
  Author: Ravish Ahuja
Added: 12/21/2002
Type: Advisory
Viewed: 383 time(s)
Average visitor rating of 8.7/10
Vendor Status & Patch

I didn't contact the vendor, as Francisco has a very bad track
record when it comes to replying to security reports.
 
Instead I wrote an unofficial patch for this issue. I have patched
against version 6.0.

The patch simply replaces all CR and LF characters in the vulnerable
variables with spaces, and then the exploit doesn't work anymore.
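
The filtering approach described above, as an added sketch that is not the advisory author's patch and not PHP-Nuke code. The function names, the `$yname`/`$ymail` variables and the sample input are hypothetical, and PHP 7 or later is assumed for the type declarations.

```php
<?php
// Added illustration, not the advisory author's patch. All function and
// variable names are hypothetical; they are not PHP-Nuke identifiers.

// Replace every CR and LF with a space so the value stays on one header line.
function strip_crlf(string $value): string
{
    return str_replace(["\r", "\n"], ' ', $value);
}

// Build a header block from name => value pairs, neutralising line breaks in
// each user-controlled value before joining with the real CRLF separator.
function build_headers(array $fields): string
{
    $lines = [];
    foreach ($fields as $name => $value) {
        $lines[] = $name . ': ' . strip_crlf($value);
    }
    return implode("\r\n", $lines);
}

// Constructed sample input: a "sender name" form field carrying a line break
// followed by text shaped like an extra header.
$yname = "Alice\r\nX-Injected: 1";
$ymail = "alice@example.com";

// Unfiltered interpolation lets the form value start a new header line.
$unsafe = "From: $yname <$ymail>";
// Filtered version keeps the whole value on the single From line.
$safe = build_headers(['From' => "$yname <$ymail>"]);

// Count the header lines a mail transport would see in each case.
printf("unfiltered: %d header line(s)\n", count(explode("\r\n", $unsafe)));
printf("filtered:   %d header line(s)\n", count(explode("\r\n", $safe)));
echo $safe, "\n";
```

The filter has to be applied to every user-supplied value that ends up in a mail header (sender name, addresses, subject), not only to the one field shown here.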





© Copyright Linux Advisory 2003. All rights reserved.
We are not responsible for the comments and stories contributed by users.