Bugtraq mailing list archives
Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability
From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Mon, 14 Aug 2006 21:26:33 +0200
sh3ll () sh3ll ir schrieb am Mon, 7 Aug 2006 20:19:08 +0000:
-------------------------------------------------- Vulnerability: ~~~~~~~~~~~~~ in index.php We Found Vulnerability Script ----------index.php-------------------------------------- .... <?php include($rep_par_rapport_racine."inc/img.inc.php"); ?> ... -------------------------------------
This vulnerability doesn't exist, $rep_par_rapport_racine is initialized a few lines above this include. After the first reported wrong advisories from sh3ll () sh3ll ir I take a look at his new ones last weekend (rainy sunday here :-)). As I reported yesterday: All execept one are wrong. Looking on the mails from last week, I found this one. Wrong, too, as expected. Shit happens. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>
Current thread:
- phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability sh3ll (Aug 07)
- Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)