[pLog-svn] sql exploit?

Jon Daley plogworld at jon.limedaley.com
Tue Jun 10 13:20:55 EDT 2008


 	Yeah - though when I posted on one of those sites, I got about 400 
hundreds spams and bounces in the next couple hours before I asked them to 
remove my email address from the web...

On Wed, 11 Jun 2008, Mark Wu wrote:

> So, maybe we should send a mail to NIST and ask them to correct this?
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.lifetype.net
>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
>> Sent: Wednesday, June 11, 2008 1:10 AM
>> To: LifeType Developer List
>> Subject: Re: [pLog-svn] sql exploit?
>>
>>  	That's what I thought they were talking about.  But, it
>> was updated today, and makes it look like it is across all versions.
>>
>> On Wed, 11 Jun 2008, Mark Wu wrote:
>>
>>> This bug exists in version 1.0.x, but was already fixed after version 1.1.
>>>
>>> Mark
>>>
>>>> -----Original Message-----
>>>> From: plog-svn-bounces at devel.lifetype.net
>>>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
>>>> Sent: Wednesday, June 11, 2008 12:27 AM
>>>> To: LifeType SVN
>>>> Subject: [pLog-svn] sql exploit?
>>>>
>>>> Can anyone duplicate this?  I can't on the current svn branch, and I
>>>> downgraded to 1.2.8 and can't either.
>>>>
>>>> (I also checked Reto's blog, and got the same error as mine -
>>>> error_fetching_album)
>>>>
>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2629
>>>>
>>>> Maybe the security report has a typo in it, and it is only a Drupal
>>>> module that is affected.  The example exploit shows downloading
>>>> lifetype from sourceforge...
>>>>
>>>>
>>>> --
>>>> Jon Daley
>>>> http://jon.limedaley.com
>>>> ~~
>>>> I want to get quoted. I think I say enough stuff to get quoted.
>>>> -- JoAnn Paul
>>>> _______________________________________________
>>>> pLog-svn mailing list
>>>> pLog-svn at devel.lifetype.net
>>>> http://limedaley.com/mailman/listinfo/plog-svn
>>>
>>
>> --
>> Jon Daley
>> http://jon.limedaley.com
>> ~~
>> If it weren't for the last minute, nothing would get done.
>

-- 
Jon Daley
http://jon.limedaley.com
~~
Maybe we're too stupid. Maybe there's an algorithm out there and
we're just not getting it. It's a possibility.
-- Professor Tygar

