| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <435BE28A.8040708@php.net> Date: Sun Oct 23 21:13:36 2005 From: sesser at php.net (Stefan Esser) Subject: Re: Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability (Stefan Esser) Hello Maksymilian Arciemowicz, > It is low local file inclusion. No critical. Standart have you > $cfg['ThemePath']. I suggest, that you actually read advisories before commenting on them. It is possible to empty $cfg['ThemePath'] from the outside, that is the whole clue about the exploit. And this has nothing todo with your original advisory. Beside the fact, that for the bug you speak about, that indeed still exists, you additionally need register_globals turned to on. Stefan Esser -- -------------------------------------------------------------------------- Stefan Esser sesser@....net Hardened-PHP Project http://www.hardened-php.net/ GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78 Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78 --------------------------------------------------------------------------
Powered by blists - more mailing lists