On Monday 19 January 2009 19:42, Florent Daigni?re wrote: > * Matthew Toseland <toad at amphibian.dyndns.org> [2009-01-19 13:02:31]: > > > There were at least: > > - A lack of validation on the captchas page which enabled collecting users IP > > addresses. This involved putting newlines into the headers in order to send > > extra headers and in particular redirects, and was actively exploited by > > nextgens to collect IP addresses. > > Unless you can prove it that's defamation ;)
Then I retract it ... but I'm fairly sure this bug is exploitable, that's the point. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20090119/2cbcc5f1/attachment.pgp>
