Author Topic: Note to Staff  (Read 263 times)
Kirara Munashi'i
Espiritus Vulpus Demonica
Operator
Kitsune
« on: May 03, 2009, 09:48:00 AM »

If you have noticed some strange activity coming from my IP address regarding session hiccups and bad referrer URLs, I've been playing with a script I made in my PM to test a theory I have about SMF. It did not succeed, so no need to worry. If it did, I would report the security hole (I'm not that much of an asshole).

More information regarding the sample script can be found here. If for some reason the hole is open, I suggest patching it. This script allows you to steal someone else's session using malformed URLs by exploiting SMF's inability to handle URLs correctly in order to forge a cookie and log in as that person.
« Last Edit: May 03, 2009, 09:52:24 AM by Kirara Munashii »

"I say this and it is short and sharp, without elegance, like a bark; but I have no idea how else to start. I am only a fox: I have no elegances of language."
~Kitsune (From the novel "Fox Woman" By: Kij Johnson)