sweet man :) |
||
 LtKer Semper I've kept up with this issue here and on the phpbb forums and still don't see why their dev team doesn't just say "We understand the issues and will release fixes for them as soon as we find time to work on them." or something to that deminer. Some of the dev team seems totally hostile towards the issue and some of the others seem totally resistant to even wanting to fix the problem properly. IMHO I think they are resistant to the session_id implementation because they don't know how to implement them properly. I dunno though. :) Good job on your findings though. :) On 2004-03-25 12:11:30, JeiAr wrote >Well, I think i got most things secured on the GulfTech Forums with the exception of the ACP issues which is gonna require a good bit of work as there is NO session checking implemented there so it seems, and just transferring the modcp session auth over doesn't seem to wok sooooo > > >Anyway, here ya go :) > >http://www.gulftech.org/vuln/phpBBadminFix.rar >http://www.gulftech.org/vuln/phpBBpostDeletion.rar >http://www.gulftech.org/vuln/phpBBlogoutFix.rar > --Semper Replies:
|
||
| CyberArmy::Forum v0.6 Generated In 0.01055 seconds |
2004-03-22 04:23:47
2004-03-24 03:17:41
2004-03-23 11:00:34
2004-03-23 11:16:40
2004-03-23 09:25:26