Nice to know this. I'm going to update before I write a new post concerning what I believe is a bug in the auth component.
Brb

On Jan 21, 6:31 pm, Schreck <[email protected]> wrote:
> You could probably d/l fiddler2 (http://www.fiddler2.com/fiddler2/)
> and use that to do whatever injections are needed. This app also works
> with any browser that supports proxies and even works remotely.
>
> On Jan 19, 7:38 am, Pyrite <[email protected]> wrote:
>
> > Is there a way to test this CVE without Firefox? I do not have the
> > option of Firefox at work. Only IE7.
>
> > On Jan 16, 4:14 pm, Gwoo <[email protected]> wrote:
>
> > > After the release of 1.2 Final, we received a lot of attention. Some
> > > of this came in the form of a security concern. The issue could affect
> > > sites relying on the AuthComponent for user authentication, without
> > > the use of the SecurityComponent. Essentially, an attacker may be able
> > > to obtain credentials as the first user of the system. If you are
> > > interested in testing your site, you can use the SQL Inject Me plugin
> > > for Firefox[1]
>
> > > Along with several other bugs, this issue was fixed in the recently
> > > released CakePHP 1.2.1.8004 Stable. We highly recommend that users
> > > upgrade to this release.
>
> > > A big thank you for all those who report these issues to us and allow
> > > us to fix them.
>
> > > Bake on,
> > > CakePHP team
>
> > > [1] https://addons.mozilla.org/en-US/firefox/addon/7597
