Download
2013-01-11, 23:10:14
I would like to know how legitimate this cookie exploit is. I do not care about the others.
It seems it is an invalid exploit as we cannot reproduce.
It makes a critical assumption that the install is not using salted cookies.
We find that this is not the case, however it is possible if a file was removed as there is no fatal warnings and the fallback salt is indeed siteurl.
The lang post insertions is also not reproducible.
We use nonces for settings.php we also have a post['submitted'] evaluation.
Neither are present in your exploit. Even if CSRF protection was voluntarily turned off, it would still not work.
On a properly configured install that is indeed 3.1.2 this proof does not work.
Unless there is something essential missing from the public exploit feel free to pm me.
Also if you want to zip up that entire install and send it to me I would be willing to look at it.
It seems it is an invalid exploit as we cannot reproduce.
It makes a critical assumption that the install is not using salted cookies.
We find that this is not the case, however it is possible if a file was removed as there is no fatal warnings and the fallback salt is indeed siteurl.
The lang post insertions is also not reproducible.
We use nonces for settings.php we also have a post['submitted'] evaluation.
Neither are present in your exploit. Even if CSRF protection was voluntarily turned off, it would still not work.
On a properly configured install that is indeed 3.1.2 this proof does not work.
Unless there is something essential missing from the public exploit feel free to pm me.
Also if you want to zip up that entire install and send it to me I would be willing to look at it.
