[horde] Security hole?
myhorde@nbiss.com
myhorde at nbiss.com
Wed May 3 11:59:47 PDT 2006
This invading IP had a lot of sequential activity and every time it was
a valid HTTP response from my side.
I will provide more details later.
Thanks
Quoting Michael M Slusarz <slusarz at horde.org>:
> Quoting myhorde at nbiss.com:
>
>> This came from the outside user and I don't have any.
>> There was also a lot of other stuff from the same IP.
>> My question is : is it possible to send this URL directly and receive
>> a valid response without having valid session?
>
> No. in the case you gave, horde/services/download/index.php calls
> imp/view.php which calls imp/lib/base.php which is where we do
> authentication.
>
> michael
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
> --
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the horde
mailing list