Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ADVISORY: security hole (http response splitting) in snitz forums

from [Harold Lines] Network Security [Permanent Link]
Subject: Re: ADVISORY: security hole (http response splitting) in snitz forums 2000
Date: 25 Jan 2005 16:37:02 -0000 
In-Reply-To: <20040916150024.04B7BE5BC9@ws7-2.us4.outblaze.com>

The bug fix was posted on the Snitz message boards on 20 September 2004:

http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791

"to fix this issue, simply remove the following line from down.asp (approx line 
76)

if request.form("location") <> "" then 
response.redirect(request.form("location"))

it is not required."

Snitz Forums 2000 Version 3.4.05 was released on 29 September 2004 and 
incorporated the bug fix:

http://forum.snitz.com/forum/topic.asp?TOPIC_ID=54957


Vendor status: vendor contacted several times (email to support@ and to the 
contact email in the code). No response from vendor.


Note on this page:

http://forum.snitz.com/support.asp

"Please do not send support requests by e-mail. Due to the huge increase in 
support requests we can't answer those anymore. But you'll notice that your 
question, if posted in the support forums, will be answered prompt."

There is a "DEV Bug Reports (Open)" forum on their discussion board:

http://forum.snitz.com/forum/forum.asp?FORUM_ID=11
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: ADVISORY: security hole (http response splitting) in snitz forums 2000, Harold Lines <=
Previous by Date:  Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, Michael Hampton
Next by Date:  Re: "Local" and "Remote" considered insufficient, Frank Knobbe
Previous by Thread:  [Full-Disclosure] [USN-70-1] Perl DBI module vulnerability, Martin Pitt
Next by Thread:  Re: "Local" and "Remote" considered insufficient, Frank Knobbe
Indexes:  [Date] [Thread] [Top] [All Lists]