OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Cabezon Aurélien (aurelien.cabezonisecurelabs.com)
Date: Thu Nov 22 2001 - 16:54:54 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi list and phpnuke admin !

    As you know now, according to little advisory/demonstration
    http://www.isecurelabs.com/article.php?sid=230 i wrote yesturday, phpnuke
    store Base64 encoded admin password in a cookie that can be stolen.
    Know that postnuke 0.6.4 is also vulnerable cause postnuke store base64
    encoded admin password in a cookie.

    regards, 

    ---
Cabezon Aurélien | aurelien.cabezonisecurelabs.com
http://www.iSecureLabs.com | French Security Portal

    ____________________________________________
" Sachez qu'aujourd'hui est le plus beau jour de votre vie,
car c'est le premier de ceux qu'il vous reste à vivre "