Re: HTTP Response Splitting and SQL injection in megabbs forum

Subject: Re: HTTP Response Splitting and SQL injection in megabbs forum
From: PD9 Software <info@xxxxxxxxxxx>
Date: Sun, 26 Sep 2004 13:50:50 -0500
Cc: full-disclosure@xxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <S695131AbUIZR44/20040926175656Z+226533@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <S695131AbUIZR44/20040926175656Z+226533@xxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 0.8 (Windows/20040913)

pigrelax wrote:

URL: http://www.pd9soft.comTested megabbs 2.1
1. HTTP Response Splitting
2. HTTP Response Splitting
3. More and more SQL injection:

All three issues have been addressed, and updates have been posted athttp://www.pd9soft.com/. Thank you for bringing them to my attention.

However in the future, would it be too much to ask that I am contactedfirst? I am very eager to fix any security vulnerabilities, but sippingcoffee on a lazy Sunday afternoon and seeing this broadcast to a publiclist is a little disconcerting.


Thanks,
Matt Summers
PD9 Software, Inc

Prev by Date: Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
Next by Date: [CLA-2004:869] Conectiva Security Announcement - kernel
Previous by thread: New Macromedia Security Zone Bulletins Posted
Next by thread: [CLA-2004:869] Conectiva Security Announcement - kernel
Index(es):
- Date
- Thread