RE: Development Teams Reply |
||
 Ker JeiAr 
Here is a post I am gonna send to BugTraq to show how dangerous this issue is and how it NEEDS to be fixed. Since the phpBB team do not seem to think the issues I found as outlined here are serious issues. http://www.gulftech.org/03202004.php I have decided to release some proof of concept exploit examples. The ones of you who know me are probably familiar with the fact GulfTech keeps exploit code and the like private in almost all cases and only shares it with known security researchers, but I feel this is the only way to make misinformed people believers. It's unfortunate, but I will limit the examples to deleting posts and not performing admin actions as my purpose is to not have anyone do any real harm to someones forum. http://www.gulftech.org/vuln/phpBBpoc/ There has also been a thread started about this issue on the CA Security forum. http://www.cyberarmy.net/forum/security/messages/203396.html If anyone wants to give thier opinion we would love to hear it as long as it is appropriate and not a flame or something unnecessary. We only want civilized discussion about this issue and a proposed fix :) Best Regards, JeiAr GulfTech Security Research GulfTech Security Research SubScan 1.2 Replies:
|
||
| CyberArmy::Forum v0.6 Generated In 0.01070 seconds |
2004-03-25 16:48:09
2004-03-24 03:17:41
2004-03-23 11:00:34
2004-03-23 11:16:40
2004-03-23 09:25:26