[pLog-svn] sql exploit?

Mark Wu markplace at gmail.com
Tue Jun 10 13:23:08 EDT 2008


Wow... 400 hundreds spams in several hours? Quite terrible.

> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net 
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> Sent: Wednesday, June 11, 2008 1:21 AM
> To: LifeType Developer List
> Subject: Re: [pLog-svn] sql exploit?
> 
>  	Yeah - though when I posted on one of those sites, I 
> got about 400 hundreds spams and bounces in the next couple 
> hours before I asked them to remove my email address from the web...
> 
> On Wed, 11 Jun 2008, Mark Wu wrote:
> 
> > So, maybe we should send a mail to NIST and ask them to correct this?
> >
> >> -----Original Message-----
> >> From: plog-svn-bounces at devel.lifetype.net
> >> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> >> Sent: Wednesday, June 11, 2008 1:10 AM
> >> To: LifeType Developer List
> >> Subject: Re: [pLog-svn] sql exploit?
> >>
> >> That's what I thought they were talking about.  But, it was updated
> >> today, and makes it look like it is across all versions.
> >>
> >> On Wed, 11 Jun 2008, Mark Wu wrote:
> >>
> >>> This bug exists in version 1.0.x, but was already fixed after version 1.1.
> >>>
> >>> Mark
> >>>
> >>>> -----Original Message-----
> >>>> From: plog-svn-bounces at devel.lifetype.net
> >>>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> >>>> Sent: Wednesday, June 11, 2008 12:27 AM
> >>>> To: LifeType SVN
> >>>> Subject: [pLog-svn] sql exploit?
> >>>>
> >>>> Can anyone duplicate this?  I can't on the current svn branch, and I
> >>>> downgraded to 1.2.8 and can't either.
> >>>>
> >>>> (I also checked Reto's blog, and got the same error as mine -
> >>>> error_fetching_album)
> >>>>
> >>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2629
> >>>>
> >>>> Maybe the security report has a typo in it, and it is only a drupal
> >>>> module that is affected.  The example exploit shows downloading
> >>>> lifetype from sourceforge...
> >>>>
> >>>>
> >>>> --
> >>>> Jon Daley
> >>>> http://jon.limedaley.com
> >>>> ~~
> >>>> I want to get quoted. I think I say enough stuff to get quoted.
> >>>> -- JoAnn Paul
> >>>> _______________________________________________
> >>>> pLog-svn mailing list
> >>>> pLog-svn at devel.lifetype.net
> >>>> http://limedaley.com/mailman/listinfo/plog-svn
> >>>
> >>
> >> --
> >> Jon Daley
> >> http://jon.limedaley.com
> >> ~~
> >> If it weren't for the last minute, nothing would get done.
> >
> 
> --
> Jon Daley
> http://jon.limedaley.com
> ~~
> Maybe we're too stupid. Maybe there's an algorithm out there 
> and we're just not getting it. It's a possibility.
> -- Professor Tygar


