2008/11/8 Andrea De Iacovo <[EMAIL PROTECTED]>:
>
> As for sure I can mention something in the readme file with the next
> release.
Sure (OT: you may want to review the setup procedure too, because last
time I checked it was not very clear).
>
>>
>> > 5. the issue is related to wordpress only and
> 2008/11/7 Andrea De Iacovo <[EMAIL PROTECTED]>:
> > On Fri, 07/11/2008 at 15.36 -0600, Raphael Geissert wrote:
> >>
> >> You can also set cookies via javascript code, e.g.
> >> document.cookie = "GLOBALS=1;domain=.domain.tld";
> >
> > ok that's true.
> >
> > So let's see what we ha
On 8-11-2008 0:09, Andrea De Iacovo wrote:
> 6. we can try to prepare a workaround while we wait for an official fix from
> upstream: maybe I could implement a function to check out if dangerous
> cookies are present and stop any other operation until those cookies are
> removed.
>
There is an
2008/11/7 Andrea De Iacovo <[EMAIL PROTECTED]>:
> On Fri, 07/11/2008 at 15.36 -0600, Raphael Geissert wrote:
>>
>> You can also set cookies via javascript code, e.g.
>> document.cookie = "GLOBALS=1;domain=.domain.tld";
>
> ok that's true.
>
> So let's see what we have:
> 1. $_REQUEST
On Fri, 07/11/2008 at 15.36 -0600, Raphael Geissert wrote:
> 2008/11/7 Andrea De Iacovo <[EMAIL PROTECTED]>:
> >> Hi,
> >>
> >> It is not just about the DoS (because as I demonstrated, there are
> >> other possible attacks).
> >> The whole point is that wordpress' (ab)use of $_REQUEST
> Hi,
>
> 2008/11/7 Thijs Kinkhorst <[EMAIL PROTECTED]>:
> > Hi,
> >
> > I don't think this is a grave security issue. It is only a DoS for one
> > client
> > application, which requires another vulnerability to be present, can be
>
> It is not just about the DoS (because as I demonstrated, ther
2008/11/7 Andrea De Iacovo <[EMAIL PROTECTED]>:
>> Hi,
>>
>> It is not just about the DoS (because as I demonstrated, there are
>> other possible attacks).
>> The whole point is that wordpress' (ab)use of $_REQUEST is leading to
>> more and more possible attacks (as I also demonstrated by showing h
Hi,
2008/11/7 Thijs Kinkhorst <[EMAIL PROTECTED]>:
> Hi,
>
> I don't think this is a grave security issue. It is only a DoS for one client
> application, which requires another vulnerability to be present, can be
It is not just about the DoS (because as I demonstrated, there are
other possible at
Hi,
I don't think this is a grave security issue. It is only a DoS for one client
application, which requires another vulnerability to be present, can be
easily resolved by deleting the relevant cookies, and does no other harm. As
there are many ways to DoS (web)applications and the impact is s