Bugtraq mailing list archives
Re: Gstebuch Version 1.5 Remote Command Execution Vulnerability
From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Fri, 10 Aug 2007 22:10:26 +0200
ilkerkandemir () mynet com schrieb am Fri, 10 Aug 2007 09:57:48 +0000:
echo "<meta http-equiv='refresh' content='0;URL=install.php'>"; redirecting brotha ;) Not RFI
Nice try, but you should read the lines above the redirection, too: | <?php | session_start(); | include($config["root_ordner"].'config.php'); | if (file_exists($root_ordner.'install.php')) | { | echo "<meta http-equiv='refresh' content='0;URL=install.php'>"; | exit; | } Your redirection is in line 6, the RFI in line 3. First hit wins: RFI. ;-) Regards, Carsten
Current thread:
- Gstebuch Version 1.5 Remote Command Execution Vulnerability rizgar (Aug 09)
- <Possible follow-ups>
- Re: Gstebuch Version 1.5 Remote Command Execution Vulnerability ilkerkandemir (Aug 10)
- Re: Gstebuch Version 1.5 Remote Command Execution Vulnerability Carsten Eilers (Aug 10)