| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Aug 2006 21:26:33 +0200 From: "Carsten Eilers" <ceilers-lists@....de> To: <bugtraq@...urityfocus.com> Subject: Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability sh3ll@...ll.ir schrieb am Mon, 7 Aug 2006 20:19:08 +0000: >-------------------------------------------------- > >Vulnerability: > >~~~~~~~~~~~~~ > >in index.php We Found Vulnerability Script > >----------index.php-------------------------------------- > >.... > ><?php > > include($rep_par_rapport_racine."inc/img.inc.php"); > > ?> > >... > >------------------------------------- This vulnerability doesn't exist, $rep_par_rapport_racine is initialized a few lines above this include. After the first reported wrong advisories from sh3ll@...ll.ir I take a look at his new ones last weekend (rainy sunday here :-)). As I reported yesterday: All execept one are wrong. Looking on the mails from last week, I found this one. Wrong, too, as expected. Shit happens. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>
Powered by blists - more mailing lists