Jul 15, 2009 23:05
If you have domain forwarding enabled, a user can take control of www.sitename.com. (note the trailing dot) and possibly get ahold of the user's master cookie, as well as some other pretty vile things.
Adding $host =~ s/\.$//; on line 256 of cgi-bin/Apache/LiveJournal.pm should correct this issue.
Tags: server: domains, security bug reports, *announce, server
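The trailing-dot fix from the post, placed in a fuller Host canonicalization step, as an added example that is not LiveJournal's code or part of the original post. The hash names, sample domains and journal name are constructed, and the sketch assumes ASCII hostnames only (no IDN or IPv6 literals).

```perl
#!/usr/bin/perl
# Added example, not LiveJournal code. %SITE_HOSTS and %FORWARDED are
# constructed sample data standing in for the site's own names and the
# domain-forwarding table.
use strict;
use warnings;

my %SITE_HOSTS = map { $_ => 1 } qw(www.sitename.com sitename.com);
my %FORWARDED  = ('blog.example.org' => 'alice');   # custom domain => journal

# Reduce a Host header to one canonical form before any comparison.
sub canonical_host {
    my ($host) = @_;
    return unless defined $host && length $host;
    $host = lc $host;        # DNS names are case-insensitive
    $host =~ s/:\d+\z//;     # drop an optional port
    $host =~ s/\.\z//;       # drop one root-label dot (the fix from the post)
    # Anything that is still not a plain dotted hostname is rejected,
    # e.g. a second trailing dot or an empty label.
    my $label = qr/[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/;
    return unless $host =~ /\A$label(?:\.$label)*\z/;
    return $host;
}

# Decide how a request is routed, using only the canonical name.
sub classify {
    my ($raw) = @_;
    my $host = canonical_host($raw);
    return 'reject' unless defined $host;
    return 'site' if $SITE_HOSTS{$host};
    return "forward:$FORWARDED{$host}" if exists $FORWARDED{$host};
    return 'unknown';
}

# Constructed Host header values: with and without the trailing dot,
# mixed case, with a port, and a malformed double dot.
for my $h ('www.sitename.com', 'WWW.SiteName.com.', 'www.sitename.com.:80',
           'blog.example.org.', 'www.sitename.com..') {
    printf "%-24s -> %s\n", $h, classify($h);
}
```

The first three inputs classify as `site`, `blog.example.org.` as `forward:alice`, and the double-dot name as `reject`, so the dotted and undotted spellings can no longer be treated as different hosts.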