#46 security, one can change $_SERVER['SERVER_NAME'] to override

closed-fixed
nobody
None
5
2003-09-29
2003-09-28
Xuefer
No

security, one can change $_SERVER['SERVER_NAME'] to
override other vhosts' cached content
specially opensource code, everyone know the key

$myhost = $_SERVER['SERVER_NAME'];
$_SERVER['SERVER_NAME'] = 'example.com';
mmcache_set('...', '...');
$_SERVER['SERVER_NAME'] = $myhost;

Discussion

  • Dmitry Stogov

    Dmitry Stogov - 2003-09-29

    Logged In: YES
    user_id=124551

    The security hole is fixed in release 2.4.1.

     
  • Dmitry Stogov

    Dmitry Stogov - 2003-09-29
    • status: open --> closed-fixed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks