Bugtraq mailing list archives
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability
From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Sun, 13 Aug 2006 14:31:44 +0200
sh3ll () sh3ll ir wrote on Thu, 10 Aug 2006 20:53:46 +0000:
Sanitize Variable $cfgLanguage in edit.php, functions.php, new.php, PageBottom.php & PageTop.php
Take a look at config.php:

    $cfgLanguage = 'uk';    // Which language do you prefer :
                            // uk = English
                            // nl = Dutch
                            // de = German

config.php is included in edit.php, new.php, PageBottom.php and PageTop.php at the top of the file, in functions.php at the top of relevant functions.

No way to include something with cfgLanguage.

Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT Security and Data Protection
<http://www.ceilers-it.de>
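The ordering argument in the reply above can be checked mechanically when triaging a file-inclusion report. The following is an added example, not part of the original message and not Startpage's code: the PHP sources in SAMPLE are constructed, the include lines that use $cfgLanguage are assumed, and audit() is a hypothetical helper. Only the config.php assignment is taken from the message.

```python
import re

# Constructed sample sources (not Startpage's real files); only the
# $cfgLanguage assignment in config.php is taken from the message above.
SAMPLE = {
    "config.php": "<?php\n$cfgLanguage = 'uk';\n",
    "edit.php": "<?php\ninclude('config.php');\ninclude('lang/' . $cfgLanguage . '.php');\n",
    "unsafe.php": "<?php\ninclude('lang/' . $cfgLanguage . '.php');\ninclude('config.php');\n",
}

# include/require statement; group 1 is the path expression
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*(.+?)\s*\)?\s*;")
# path expression that is a single quoted literal with no interpolation
LITERAL = re.compile(r"""^(['"])([^'"$]+)\1$""")

def audit(files, entry, var, pinned=None, seen=None):
    """Walk `entry` top to bottom, following literal includes, and report
    every include whose path uses `var` as (file, line, pinned), where
    pinned is True if a literal assignment to `var` ran before it."""
    pinned = pinned if pinned is not None else set()
    seen = seen if seen is not None else set()
    findings = []
    if entry in seen or entry not in files:
        return findings
    seen.add(entry)
    assign = re.compile(r"\$" + re.escape(var) + r"""\s*=\s*(['"])[^'"$]*\1\s*;""")
    for lineno, line in enumerate(files[entry].splitlines(), 1):
        if assign.search(line):
            pinned.add(var)          # value is now fixed by the script itself
            continue
        m = INCLUDE.search(line)
        if not m:
            continue
        target = m.group(1)
        lit = LITERAL.match(target)
        if lit:                      # e.g. include('config.php'): descend into it
            findings += audit(files, lit.group(2), var, pinned, seen)
        elif "$" + var in target:    # include path built from the variable
            findings.append((entry, lineno, var in pinned))
    return findings

if __name__ == "__main__":
    for name in ("edit.php", "unsafe.php"):
        print(name, audit(SAMPLE, name, "cfgLanguage"))
```

A finding with pinned=True matches the situation described in the reply; pinned=False marks an include that runs before any assignment and needs a manual look.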
Current thread:
- Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability sh3ll (Aug 11)
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
- <Possible follow-ups>
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability noname (Aug 14)
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability securityfocus (Aug 21)