| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061107033534.7496.qmail@securityfocus.com> Date: 7 Nov 2006 03:35:34 -0000 From: simo64@...x.org To: bugtraq@...urityfocus.com Subject: Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include in admin.php we have .......... $include_path = dirname(__FILE__); // <== require_once $include_path."/admin/config.inc.php"; require_once $include_path."/lib/$DB_CLASS"; ........... At line 21 the variable $include_path is setted as 'dirname(__FILE__)' so remote file inclusion is not possible :) Regards
Powered by blists - more mailing lists