[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <200708242157.46776@proffe.kibibyte.se>
Date: Fri, 24 Aug 2007 21:57:46 +0200
From: Magnus Holmgren <holmgren@...ator.liu.se>
To: bugtraq@...urityfocus.com
Subject: Re: SPIP v1.7 Remote File Inclusion Bug
On Thursday 23 August 2007 12:04, system-errrror@...mail.com wrote:
> ++ Bug in : "SPIP-v1-7r/inc-calcul.php3"
> ++-------------------------------------------------------------------------
> ++ Vlu Code: -----------------------------
> ++ || include($squelette_cache); ||
> ++ -----------------------------
Errr, that line is inside a function *and* the variable is even properly
initialized. There's no way the mentioned exploit can work.
Furthermore, version 1.7 is over three years old. The most current version is
1.9.2.
--
Magnus Holmgren holmgren@...ator.liu.se
(No Cc of list mail needed, thanks)
"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists