Bugtraq mailing list archives
Re: discloser 0.0.4 Remote File Inclusion (with Exploit)
From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Thu, 17 Aug 2006 22:04:12 +0200
Hi, dr.t3rr0r1st () yahoo com schrieb am Wed, 16 Aug 2006 21:51:24 +0000:
$req = HTTP::Request->new(GET =>$bpath. 'plugins/plugins.php?>type='.$cmdo.'?&'.$bcmd.'='.$cmd) or die "\n Could not connect !\n";
With other words: You want to use parameter 'type' in plugins/plugins.php. But in plugins/plugins.php we have | <? | | // add additional types to the below array. | | $avail_types = array('short', 'long'); | $_SESSION['avail_types'] = $avail_types; | foreach ($avail_types as $type) { | include($type . ".plugin.php"); | } | | | ?> As you can see is $type set to values of $avail_types, which is intialized two lines above. So there ist no way to manipulate either $type or $avail_types. So there is no vulnerability, here. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>
Current thread:
- discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st (Aug 17)
- Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers (Aug 17)
- <Possible follow-ups>
- Re: Re: discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st (Aug 18)
- Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers (Aug 22)