Dre (exor674) wrote in lj_dev,

Potential security issue with people adding a trailing '.' to your domain

If you have domain forwarding enabled, a user can take control of www.sitename.com. (note the trailing dot) and possibly get hold of the user's master cookie, as well as do some other pretty vile things.

Adding $host =~ s/\.$//; on line 256 of cgi-bin/Apache/LiveJournal.pm should correct this issue.
Tags: *announce, security bug reports, server, server: domains
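The Perl substitution above strips the trailing dot from the Host header before the domain check runs. The following is an added example, not LiveJournal's code, that shows in Python why that matters: a naive "is this our domain?" test fails on "www.sitename.com." and lets the request fall through to the domain-forwarding path, while a normalized check keeps it on the site path. The domain name, the function names and the two-way "site"/"forwarded" classification are assumptions made for the illustration; the normalization also lowercases, drops a port suffix and strips every trailing dot, which goes a little beyond the one-character fix in the post.

```python
"""Host-header normalization before domain-based routing (added example)."""

# Constructed placeholder for the site's own domain; not a real deployment.
SITE_DOMAIN = "sitename.com"


def normalize_host(host: str) -> str:
    """Canonicalize a Host header value for comparison.

    DNS names are case-insensitive, may carry a ":port" suffix, and may be
    written fully qualified with a trailing dot (the root label). All three
    forms name the same host, so all three must compare equal.
    """
    host = host.strip()
    # Drop an explicit port ("host:8080"); only when the suffix is numeric,
    # so a stray colon elsewhere is not mistaken for a port separator.
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    # Strip all trailing dots, not just one: "sitename.com.." is still
    # not a different host as far as the application is concerned.
    host = host.rstrip(".")
    return host.lower()


def naive_is_site_host(host: str) -> bool:
    """The check as it behaves without normalization: exact suffix match."""
    return host == SITE_DOMAIN or host.endswith("." + SITE_DOMAIN)


def is_site_host(host: str) -> bool:
    """Hardened check: normalize first, then compare on label boundaries."""
    h = normalize_host(host)
    return h == SITE_DOMAIN or h.endswith("." + SITE_DOMAIN)


def classify_request(host: str) -> str:
    """Decide which code path a request takes based on its Host header.

    Requests for the site's own domain (or a subdomain of it) are handled by
    the site; anything else is treated as a user-configured forwarded domain.
    Returns "site" or "forwarded".
    """
    if not normalize_host(host):
        # Empty or whitespace-only Host header: refuse rather than guess.
        raise ValueError("missing Host header")
    return "site" if is_site_host(host) else "forwarded"


if __name__ == "__main__":
    # Constructed sample Host header values.
    for value in ["www.sitename.com", "www.sitename.com.", "WWW.SITENAME.COM.:80",
                  "user.example.org", "evilsitename.com"]:
        print(f"{value!r:28} naive={naive_is_site_host(value)!s:5} "
              f"normalized={is_site_host(value)!s:5} path={classify_request(value)}")
```

Run it and the second line shows the bug the post describes: "www.sitename.com." is False under the naive check and so would be classified as a forwarded domain, while the normalized check returns True and keeps it on the site path. Note that the suffix test uses the dot-prefixed domain, so "evilsitename.com" does not match either.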