Bugtraq mailing list archives
Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability
From: "Steven M. Christey" <coley () mitre org>
Date: Wed, 6 Sep 2006 19:19:13 -0400 (EDT)
> This vulnerability is not that dangerous because, firstly, if you want to exploit it, you must have the exact file tree and the correct name of the malicious script, because that variable is never used alone but always in concatenation with the script name and a generic extension
In a typical PHP exploit scenario, the attacker could merely add a null byte ("%00") to the phpbb_root_path parameter, which would then cause the include call to ignore this extra file tree/name information. Is there some reason why a null byte wouldn't work in this situation?

- Steve
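The point raised in this message, seen from the defending side, as an added example that is not part of the original post and not ZoneX or phpBB code: a script name and extension appended to the parameter is not a control, so the value is checked before it reaches `include`. The helper name `resolve_include`, the base directory and the demo values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not ZoneX or phpBB code.
// Resolves a caller-supplied root path plus a fixed script name to a file
// inside $baseDir, or returns null when the value must not be included.
function resolve_include(string $rootPath, string $script, string $baseDir): ?string
{
    // In older PHP versions a NUL byte ends the path at the C layer, so the
    // appended script name and extension are silently dropped. Reject it.
    if (strpos($rootPath, "\0") !== false) {
        return null;
    }
    // Reject anything that looks like a URL or stream wrapper (scheme:...).
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $rootPath)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and symlinks and fails on missing files.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $rootPath . $script);
    if ($candidate === false) {
        return null;
    }
    // Confine the resolved file to the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a temporary directory holding one legitimate script.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'lib', 0700, true);
file_put_contents($base . '/lib/common.php', "<?php\n");

// Constructed inputs: a normal value, a URL with a trailing NUL, a traversal.
$samples = ['lib/', "http://example.invalid/x.txt\0", '../../etc/'];
foreach ($samples as $value) {
    $path = resolve_include($value, 'common.php', $base);
    printf("%-40s => %s\n", json_encode($value), $path ?? 'rejected');
}
```

Only the first sample resolves to a file; the other two are rejected before any `include` would run.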