Bugtraq mailing list archives
Re: Ban v0.1 (bannieres.php) File Include
From: Francesco Laurita <francesco () francesco-laurita info>
Date: Sat, 28 Oct 2006 02:40:14 +0200
mahmood ali ha scritto:
In Line 13 :_ include "$chemin/includes/connexion.php" ;
Please, read source code better! At line 11 the variable $chemin is setted as "." Line 11: $chemin = "." ;Hower a security issue could be found at line 26 and line 32 where a sql injection is possible due to uncheked $id variable
Regards
Current thread:
- Ban v0.1 (bannieres.php) File Include mahmood ali (Oct 27)
- Re: Ban v0.1 (bannieres.php) File Include Francesco Laurita (Oct 28)