On Wed, May 13, 2009 at 9:00 AM, Andrew Berry <andrewberry@sentex.net> wrote:
On 12-May-09, at 9:22 PM, Karoly Negyesi wrote:
This guy believes in full disclosure so much he discloses everything he finds instead letting us fix and disclose.
Did he report this issue? http://justin.madirish.net/node/339. I still seems exploitable. I see he's been credited for SA's in the past. It's a shame that the noise from him is drowning out the real issues he's finding.
It's the same as http://drupal.org/node/372836 or maybe it's even the issue that prompted http://drupal.org/node/372836 Either way, it's "addressed." Regards, Greg -- Greg Knaddison | 303-800-5623 | http://growingventuresolutions.com Cracking Drupal - Learn to protect your Drupal site from hackers Now available from Wiley http://crackingdrupal.com