Changes between Version 3 and Version 4 of Ticket #1518


Ignore:
Timestamp:
05/10/10 01:20:17 (7 years ago)
Author:
gogo
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #1518 – Description

    v3 v4  
    2929All an attacker needs to submit his own configuration is. 
    3030 
     31{{{ 
    3132backend_data = array( 
    3233"session_name" => "PHPSESSID", 
     
    3536"hash" => sha1(KNOWN_SESSION_DATA . $data) 
    3637); 
     38}}} 
    3739 
    3840And the same attack is possible against the "old method" stored in all the config.inc.php files of all the plugins.