Debug mode is a feature in IPB 2.0.0-2.1.7 that shows all database queries for each forum page requested. If debug mode is turned on, anyone can request a forgotten password for an account and capture the validation key that is sent to the account's email address. This allows an attacker to change anyone's password without having access to the email account. Through debug mode, it is also possible to bypass the captcha protection used to block bot actions (such as automated registration), and table names can also be discovered. Debug mode is turned off by default, yet there are no security warnings regarding this feature. It is best to keep it off at all times.
Attachment: debug217.php
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
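For administrators who want to confirm that debug output is not reaching visitors, the following is an added example, not part of the original post or its debug217.php attachment. It is a heuristic check over the HTML of a page from your own forum that reports whether raw SQL statements are rendered; the sample pages, table names and markup are constructed for illustration.

```python
import html
import re

TAG = re.compile(r"<[^>]+>")
# Column list of a SELECT; keeps prose such as "select a forum from" from matching.
COLS = r"[\w`.*()]+(?:\s*,\s*[\w`.*()]+)*"
STATEMENT = re.compile(
    rf"\b(?:SELECT\s+{COLS}\s+FROM|INSERT\s+INTO|UPDATE\s+[\w`]+\s+SET|DELETE\s+FROM)"
    r"\s+[^\n]*",
    re.IGNORECASE,
)
TABLE = re.compile(r"\b(?:FROM|INTO|UPDATE|JOIN)\s+`?(\w+)`?", re.IGNORECASE)
LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'")

# Constructed sample: a page rendered with query debugging switched on.
LEAKY_PAGE = """<html><body><p>Please select a forum from the list.</p>
<div class='debug'><b>Queries used</b><br />
<pre>SELECT id, name FROM demo_members WHERE id=1</pre>
<pre>INSERT INTO demo_validating (vid, member_id) VALUES ('CONSTRUCTED-KEY', 1)</pre>
<pre>UPDATE demo_sessions SET running_time=0 WHERE id=&#39;abc&#39;</pre>
</div></body></html>"""

# Constructed sample: the same page with debugging off.
CLEAN_PAGE = "<html><body><p>Please select a forum from the list.</p></body></html>"


def audit_page(body: str) -> dict:
    """Report SQL statements visible in a rendered page (heuristic, review hits)."""
    # Tags become newlines so each rendered element is scanned on its own line.
    text = html.unescape(TAG.sub("\n", body))
    statements = [m.group(0).strip() for m in STATEMENT.finditer(text)]
    tables = sorted({t.lower() for s in statements for t in TABLE.findall(s)})
    # Writes carrying string literals are the class that can expose stored
    # secrets such as a validation key; only their count is reported.
    writes = [
        s for s in statements
        if s.split(None, 1)[0].upper() in ("INSERT", "UPDATE") and LITERAL.search(s)
    ]
    return {
        "exposed": bool(statements),
        "statements": len(statements),
        "tables": tables,
        "writes_with_literals": len(writes),
    }


if __name__ == "__main__":
    print(audit_page(LEAKY_PAGE))
    print(audit_page(CLEAN_PAGE))
```

Any page where `exposed` is true means the debug setting is on and should be switched off, as the post advises.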