Open Source and information security mailing list archives
Message-Id: <200708242157.46776@proffe.kibibyte.se>
Date: Fri, 24 Aug 2007 21:57:46 +0200
From: Magnus Holmgren <holmgren@...ator.liu.se>
To: bugtraq@...urityfocus.com
Subject: Re: SPIP v1.7 Remote File Inclusion Bug

On Thursday 23 August 2007 12:04, system-errrror@...mail.com wrote:
> ++ Bug in :  "SPIP-v1-7r/inc-calcul.php3"
> ++-------------------------------------------------------------------------
> ++ Vlu Code:  -----------------------------
> ++           || include($squelette_cache); ||
> ++            -----------------------------

Errr, that line is inside a function *and* the variable is even properly 
initialized. There's no way the mentioned exploit can work.

Furthermore, version 1.7 is over three years old. The most current version is 
1.9.2.

-- 
Magnus Holmgren        holmgren@...ator.liu.se
                       (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
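
Added example, not part of the original message and not SPIP code: a heuristic triage check for reports of this kind, which classifies each `include($var)` by whether the variable is function-local and assigned before use, the two properties the reply points to. The PHP snippets and the `load_template` name are constructed for illustration; only `$squelette_cache` comes from the quoted report.

```python
import re

# Constructed PHP snippets (not SPIP source). LOCAL mirrors what the reply
# describes; GLOBAL is the pattern a report of this kind presupposes.
LOCAL = """<?php
function load_template($fond) {
    $squelette_cache = 'CACHE/' . md5($fond) . '.php3';
    include($squelette_cache);
}
"""
GLOBAL = """<?php
if ($debug) { echo 'debug'; }
include($squelette_cache);
"""

TOKEN = re.compile(
    r"(?P<func>\bfunction\b[^{;]*\{)|(?P<open>\{)|(?P<close>\})"
    r"|\bglobal\s+(?P<gvars>[^;]+);"
    r"|\b(?:include|require)(?:_once)?\s*\(?\s*\$(?P<ivar>\w+)\s*\)?\s*;"
    r"|\$(?P<avar>\w+)\s*=(?![=>])"
)

def triage_includes(php):
    """Heuristic only: braces inside strings or comments are not handled."""
    depth, findings = 0, []
    scopes = [{"body": None, "assigned": set(), "globals": set()}]  # [0] = file scope
    for m in TOKEN.finditer(php):
        cur = scopes[-1]
        if m.group("func"):
            depth += 1
            scopes.append({"body": depth, "assigned": set(), "globals": set()})
        elif m.group("open"):
            depth += 1
        elif m.group("close"):
            if cur["body"] == depth:
                scopes.pop()  # leaving a function body
            depth -= 1
        elif m.group("gvars"):
            cur["globals"].update(re.findall(r"\$(\w+)", m.group("gvars")))
        elif m.group("avar"):  # "global $x" inside a function writes to file scope
            (scopes[0] if m.group("avar") in cur["globals"] else cur)["assigned"].add(m.group("avar"))
        else:  # include/require of a bare variable
            var = m.group("ivar")
            local = cur["body"] is not None and var not in cur["globals"]
            init = var in (cur if local else scopes[0])["assigned"]
            verdict = ("local-initialized" if local and init else
                       "global-uninitialized" if not (local or init) else "needs-review")
            findings.append((var, verdict))
    return findings
```

A `local-initialized` result means the included path is set inside the function before use, so the finding should be closed unless the assigned value itself is derived from request data; `needs-review` covers parameters and variables assigned only on some paths.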
