[horde] Security hole?
myhorde@nbiss.com
myhorde at nbiss.com
Wed May 3 09:02:18 PDT 2006
This came from the outside user and I don't have any.
There was also a lot of other stuff from the same IP.
My question is : is it possible to send this URL directly and receive
a valid response without having valid session?
Thanks
Quoting Jan Schneider <jan at horde.org>:
> Zitat von myhorde at nbiss.com:
>
>> This is from my Apache log file. Request was placed by the outside
>> user.
>> /horde/services/download/?module=imp&thismailbox=INBOX&index=24&mailbox=INBOX&actionID=download_attach&id=1.2&mimecache=2b0fe832996f2aaa63be59ce45f51c15&fn=%2Funnamed
>>
>> The response code was - 200.
>
> Yeah, and what is your question?
>
> Jan.
>
> --
> Do you need professional PHP or Horde consulting?
> http://horde.org/consulting/
>
> --
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the horde
mailing list