LiveJournal Development

July 15th, 2009

Potential security issue with people adding a trailing '.' to your domain [Jul. 15th, 2009|11:05 pm]
If you have domain forwarding enabled, a user can take control of www.sitename.com. (note the trailing dot) and possibly get ahold of the user's master cookie, as well as some other pretty vile things.

Adding $host =~ s/\.$//; on line 256 of cgi-bin/Apache/LiveJournal.pm should correct this issue.
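
The comparison problem behind the fix in the post, as an added example that is not part of the original post or of LiveJournal's code: a Host header value with a trailing dot names the same DNS host but does not match the site's own host name as a string until it is canonicalized. %SITE_HOSTS, canonical_host and is_site_host are hypothetical names, the sample header values are constructed, and the lowercasing and port stripping go beyond the one-line fix.

```perl
use strict;
use warnings;

# Hypothetical set of the site's own host names (assumption, not LiveJournal config).
my %SITE_HOSTS = map { $_ => 1 } qw(www.sitename.com sitename.com);

# Canonicalize a Host header value before any comparison or lookup.
sub canonical_host {
    my ($host) = @_;
    $host //= '';
    $host = lc $host;      # host names are case-insensitive
    $host =~ s/:\d+$//;    # drop an optional :port suffix
    $host =~ s/\.$//;      # the fix from the post: drop the trailing root dot
    return $host;
}

# Returns 1 if the value is one of the site's own hosts.
# With $normalize false, this is the plain string comparison that the
# trailing-dot form slips past.
sub is_site_host {
    my ($host, $normalize) = @_;
    $host //= '';
    $host = canonical_host($host) if $normalize;
    return exists $SITE_HOSTS{$host} ? 1 : 0;
}

# Constructed sample Host header values.
for my $h ('www.sitename.com', 'www.sitename.com.', 'WWW.SiteName.com.:80') {
    printf "%-24s raw=%d normalized=%d\n",
        $h, is_site_host($h, 0), is_site_host($h, 1);
}
```

The same canonicalization belongs on both sides of the check: on the incoming Host header and on any domain name stored for forwarding, so the two forms can never be treated as different hosts.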