security problem

pioklo · Mar 17, 2007

http://www.securityfocus.com/archive/1/463003/30/30/threaded

Regards,
Piotr

smoked1 · Mar 17, 2007

That does not look good. Do you know if they fixed this yet?

pioklo · Mar 17, 2007

I have tested this sploit on 1.8 version of DA and it doesnt work

In logs:
2007:03:17-20:09:16: User pioklo tried to set domain= on /CMD_USER_STATS
2007:03:17-20:09:16: User pioklo tried to set DOMAIN= on /CMD_USER_STATS

Regards,
Piotr

floyd · Mar 17, 2007

How is this an exploit? What can possibly be done? I just don't see the problem. The attacker must be authenticated. Are they able to affect other users? Are they able to hack the server?

nobaloney · Mar 18, 2007

This isn't really a security issue.

However, since it's now been reported three times, DA staff has decided to eliminate the feature.

Full discussion in this thread.

Jeff

security problem

pioklo

Verified User

smoked1

Verified User

pioklo

Verified User

floyd

Verified User

nobaloney

NoBaloney Internet Svcs - In Memoriam †