|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Serious holes affecting JFFNMS
not
themoment.thanks
Date: Thu Jul 05 2007 - 06:48:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Per the following comments...
"Finally, the auth.php PHP script also includes the following code:
if (($jffnms_version=="0.0.0") && ($_SERVER["REMOTE_ADDR"]=="128.30.52.13")) {
which could be considered a backdoor althought it does not appear to be
exploitable in a typical installation."
...it should be noted that 128.30.52.13 is likely the source IP address of the W3.ORG validator. So perhaps the PHP code intends to behave differently during a W3.ORG validation test.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]