Hi gwoo, I want to give you an email, but I don't know your email, so I
have a problem
about 1.20 bug.
I write this in postcontroller ajax is well, but write this in
appcontroller is wrong, about ajax.
My website: www.zhuyinghao.com
var $helpers = array('Html', 'Form', 'Javascript', 'Ajax');
On January 17,
There is a very easy way to exploit this. I wrote about it here:
http://www.pseudocoder.com/archives/2009/01/22/cakephp-digest-6/
-Matt
http://www.pseudocoder.com
Nice to know this. I'm going to update before I write a new post
concerning what I believe is a bug in the auth component.
Brb
On Jan 21, 6:31 pm, Schreck wrote:
> You could probably d/l fiddler2 (http://www.fiddler2.com/fiddler2/)
> and use that to do whatever injections are needed. This app a
You could probably d/l fiddler2 (http://www.fiddler2.com/fiddler2/)
and use that to do whatever injections are needed. This app also works
with any browser that supports proxies and even works remotely.
On Jan 19, 7:38 am, Pyrite wrote:
> Is there a way to test this CVE without Firefox? I do not
@mlix
changeset 7979 fixed the issue.
Security prevents CSRF and ensures that form inputs properly match the
values being submitted.
@Pyrite
I'm so sorry. I don't really have a way around your IE7 problem, short
of storming the castle and demanding your work installs FF.
Is there a way to test this CVE without Firefox? I do not have the
option of Firefox at work. Only IE7.
On Jan 16, 4:14 pm, Gwoo wrote:
> After the release of 1.2 Final, we received a lot of attention. Some
> of this came in the form of a security concern. The issue could affect
> sites relying
Is there a link to the details of the security concern? I know it's
fixed now but I'm interested if I should always use the Security
Component and what the implication is if I don't.
Tried googling and looking in Trac but I can't seem to find out what
the problem was.
On Jan 16, 10:14 pm, Gwoo
Thanks for the heads-up.
Updating now...
On Jan 16, 11:14 pm, Gwoo wrote:
> After the release of 1.2 Final, we received a lot of attention. Some
> of this came in the form of a security concern. The issue could affect
> sites relying on the AuthComponent for user authentication, without
> the u
After the release of 1.2 Final, we received a lot of attention. Some
of this came in the form of a security concern. The issue could affect
sites relying on the AuthComponent for user authentication, without
the use of the SecurityComponent. Essentially, an attacker may be able
to obtain credentia