[vuxml entry] phpBB 2.0.8a ip spoofing

Kang Liu liukang at bjpu.edu.cn
Tue Apr 20 09:59:55 PDT 2004


Thank you very much for informing me of this problem.
I've read it from bugtraq and tested it on my own computer.
I think the IP spoof vulnerability can be confirmed.
But as you said, this vulnerability only affects the boards which use
IP-based ACLs.
By default, there is no IP-based ACL unless the board manager creates
it.
I do not mean this problem can be ignored.
Furthermore, there might be another problem which may lead to DoS.
I'm trying to contact the founder to confirm the potential
vulnerability.
After that I will send a PR as soon as I can.

Regards,

Liu Kang



