Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PsychoStats 3.0.6b and prior

From: kefka <kefka () kevinbeardsucks com>
Date: Sat, 19 May 2007 01:06:11 -0400
Correction: it should be 
$pathto*psycho*stats/server.php?newcss=styles.css&newtheme=%00

and $pathto*psycho*stats/includes/smarty/Smarty.class.php

Took a passing glance at hlstats a few night prior.
I can provide more excuses upon request.

newtheme variable only expects "sane" behaivor, no arguement or an
arguement with any special character, etc.. will cause it to error and
display the full path to $pathtohlstats/includes/smarty/Smarty.class.php

$pathtohlstats/server.php?newcss=styles.css&newtheme=%00

Ex: Warning: Smarty error: unable to read resource: "server.html" in
$pathtohlstats/includes/smarty/Smarty.class.php on line 1088


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: