Re: Serious holes affecting JFFNMS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Serious holes affecting JFFNMS
From: not@xxxxxxxxxxxxxxxx
Date: 5 Jul 2007 11:48:36 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Per the following comments...

"Finally, the auth.php PHP script also includes the following code:

if (($jffnms_version=="0.0.0") && ($_SERVER["REMOTE_ADDR"]=="128.30.52.13")) {

which could be considered a backdoor althought it does not appear to be
exploitable in a typical installation."

...it should be noted that 128.30.52.13 is likely the source IP address of the 
W3.ORG validator.  So perhaps the PHP code intends to behave differently during 
a W3.ORG validation test.

Prev by Date: [security bulletin] HPSBPI02228 SSRT071404 rev.1 - HP Instant Support - Driver Check Running on Windows XP, Remote Unauthorized Access
Next by Date: Redirection Vulnerability in wp-pass.php, WordPress 2.2.1
Previous by thread: Serious holes affecting JFFNMS
Next by thread: SpyBye 0.3 released
Index(es):
- Date
- Thread