[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <45B553BC.9050904@expresshosting.net>
Date: Mon, 22 Jan 2007 18:15:56 -0600
From: Mailinglists Address <mailinglist@...resshosting.net>
To: bugtraq@...urityfocus.com
Subject: Re: Fantastic News <=- (news.php) Remote File Include Vulnerability
<- bogus... again
>
> Author: BorN To K!LL
>
Maybe this person should be called "BorN To Gr3p" or "BorN To Post Fake
and Pointl3ss ExploiTz!"
> #######################################################
>
> Bug in :. news.php
>
> code :
> require_once($CONFIG['script_path']."functions/functions.php");
> require_once($CONFIG['script_path']."functions/mysql.php");
> require_once($CONFIG['script_path']."functions/template.php");
Two lines above the previous code is the following two lines:
unset($CONFIG);
require_once("config.php");
Once again... security auditing via grep doesn't give you enough
information to post a complete and accurate bug/security report.
Honestly, do you have a bash one liner that you just feed scripts to,
that generates these bogus and pointless reports?
It is getting to the point where I almost don't bother to check the code
any more.
>
> GreeTz to :.
>
M4d pr0ps to vim, grep and sed.
Powered by blists - more mailing lists