Bugtraq mailing list archives
Re: Smarty-2.6.1 Remote File Include Vulnerabilities
From: "J. Carlos Nieto" <xiamkong () yahoo com mx>
Date: Tue, 24 Oct 2006 08:50:07 -0500
On Mon, 2006-10-23 at 16:30 +0000, crackers_child () sibersavascilar com
<?php require_once './config.php'; require_once SMARTY_DIR . 'Smarty.class.php'; require_once 'PHPUnit.php';
SMARTY_DIR is a constant, isn't it?
http://www.site.com/Smarty-2.6.14/unit_test/test_cases.php?SMARTY_DIR=Sh3ll?
But you are passing a variable with value "Sh3ll". And since variable != constant it won't work, at least in the piece of code you gave us. Where is the bug? -- La civilización no suprime la barbarie, la perfecciona. -Voltaire http://xiam.underlife.org __________________________________________________ Correo Yahoo! Espacio para todos tus mensajes, antivirus y antispam ¡gratis! Regístrate ya - http://correo.yahoo.com.mx/
Current thread:
- Smarty-2.6.1 Remote File Include Vulnerabilities crackers_child (Oct 23)
- Re: Smarty-2.6.1 Remote File Include Vulnerabilities J. Carlos Nieto (Oct 24)