Simon Willison’s Weblog

Subscribe

Items tagged squirrelmail

Filters: squirrelmail × Sorted by date

The backdooring of SquirrelMail. A SquirrelMail developer’s account was compromised and used to insert a backdoor: the other developers initially missed the hole because it used $_SERVER[’HTTP_BASE_PATH’], which can be set with a Base-Path: HTTP header.

# 28th December 2007, 11:40 pm / backdoor, http, php, security, squirrelmail

Types

Years

Tags