[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <200611061830.14407.admin@xencon.net>
Date: Mon, 6 Nov 2006 18:30:07 +0100
From: Heiko Wundram <admin@...con.net>
To: bugtraq@...urityfocus.com
Subject: Re: @cid stats v2.3 File Include
Am Sonntag, 5. November 2006 23:33 schrieb mahmood ali:
> <snip bullcrap>
Completely bogus.
If you look closely, the corresponding code in install.php3 is used to create
a config file which contains a statement setting $repertoire (from a user
input, so here is your injection attack for an install script, which is
pretty much what you want, I'd guess). Anyway, if you don't delete
install.php3 after the installation is complete, it's your own fault.
--
--- Heiko Wundram.
x|encon Support der
Gehrkens.IT GmbH
FON 0511-59027955 | http://www.gehrkens.it
FAX 0511-59027956 | http://www.xencon.net
Gehrkens.IT GmbH
Mailänder Strasse 2
30539 Hannover
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists