Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Konstantin Riabitsev (iconphy.duke.edu)
Date: Sun Mar 31 2002 - 15:21:40 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Wed, 2002-03-27 at 20:16, pokleyzz sakamaniaka wrote:
    > email user can append $THEME variable through
    > cookies

    This is very obscure and is limited only to valid users within your
    squirrelmail application (e.g. the person has to have a valid login in
    order to exploit this vulnerability). The problem is fixed in the
    current CVS and will be out with Squirrelmail-1.2.6. Here is the fix,
    should you want to apply it, or just wait till the next release, since
    this is not a high-risk vulnerability.

    Konstantin Riabitsev,
    Squirrelmail Bugmaster


    --- validate.php.orig Sun Mar 31 16:15:52 2002
    +++ validate.php Fri Mar 29 00:28:05 2002
    -61,6 +61,15
     * Include them down here instead of at the top so that all config
     * variables overwrite any passed in variables (for security).
    + * Reset the $theme() array in case a value was passed via a cookie.
    + * This is until theming is rewritten.
    + */
    +global $theme;

    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    -----END PGP SIGNATURE-----