Bugtraqmailing list archives
Re: ADVISORY: security hole (http response splitting) in snitz forums 2000
From: Harold Lines <hlines () apsc com>
Date: 25 Jan 2005 16:37:02 -0000
In-Reply-To: <20040916150024.04B7BE5BC9 () ws7-2 us4 outblaze com>The bug fix was posted on the Snitz message boards on 20 September 2004:http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791"to fix this issue, simply remove the following line from down.asp (approx line 76)if request.form("location") <> "" then response.redirect(request.form("location"))it is not required."Snitz Forums 2000 Version 3.4.05 was released on 29 September 2004 and incorporated the bug fix:http://forum.snitz.com/forum/topic.asp?TOPIC_ID=54957
Vendor status: vendor contacted several times (email to support@ and to the contact email in the code). No response from vendor.
Note on this page:http://forum.snitz.com/support.asp"Please do not send support requests by e-mail. Due to the huge increase in support requests we can't answer those anymore. But you'll notice that your question, if posted in the support forums, will be answered prompt."There is a "DEV Bug Reports (Open)" forum on their discussion board:http://forum.snitz.com/forum/forum.asp?FORUM_ID=11
Current thread:
- Re: ADVISORY: security hole (http response splitting) in snitz forums 2000Harold Lines (Jan 25)