BugTraq
phpBB 2.0.8a and lower - IP spoofing vulnerability Apr 19 2004 12:01AM
Ready Response (wang mod-x co uk) (2 replies)
Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Apr 20 2004 12:15PM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Dear Ready Response,

--Monday, April 19, 2004, 4:01:29 AM, you wrote to bugtraq (at) securityfocus (dot) com:

RR> the user's IP address in the common.php script. This issue is caused
RR> by blind trust of the X-Forwarded-For HTTP header. A remote attacker

This issue is very common for different BBs (for example, Iconboard has
the same problem). In addition to IP spoofing, it's usually possible to cause
cross-site scripting by inserting script into a forged X-Forwarded-For
header.

--
~/ZARAZA
But after all, eggs, heels and bishops can come into anyone's head. (Lem)

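The handling the thread calls for, as an added example that is not part of any message above and is not phpBB code: X-Forwarded-For is read only when the TCP peer is a proxy the site operates, every entry must parse as an IP address, and the result is escaped on output. The function name `resolve_client_ip`, the `$trustedProxies` list and the sample addresses are constructed for illustration.

```php
<?php
// Added example, not phpBB code. $trustedProxies is an assumed deployment setting.

/**
 * Return the client address to log or ban on.
 * X-Forwarded-For is consulted only when the TCP peer is a proxy we operate.
 */
function resolve_client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // no usable peer address (e.g. CLI run)
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, $trustedProxies, true)) {
        return $peer; // header is client-controlled here: ignore it
    }
    // Walk right to left: the rightmost entries were appended by our own
    // proxies; anything left of the first untrusted hop is client-supplied.
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // markup or junk in the header: distrust all of it
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first hop that is not one of our proxies
        }
    }
    return $peer;
}

// Constructed sample requests; 10.0.0.5 stands in for the site's reverse proxy.
$proxies = ['10.0.0.5'];
$samples = [
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '<b>not an ip</b>'],
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.7'],
];
foreach ($samples as $s) {
    // Escape on output as well, so a stored address can never carry markup.
    echo htmlspecialchars(resolve_client_ip($s, $proxies), ENT_QUOTES, 'UTF-8'), "\n";
}
```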
Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Apr 21 2004 01:10AM
Xin LI (delphij frontfree net) (1 replies)
Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Apr 28 2004 09:03AM
BlueRaven (blue ravenconsulting it) (1 replies)
Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Apr 29 2004 02:16AM
Xin LI (delphij frontfree net)
Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Apr 19 2004 08:05PM
Shaun Colley (shaunige yahoo co uk)


 
