Bugtraq mailing list archives

Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability

From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Sun, 13 Aug 2006 14:31:44 +0200

sh3ll () sh3ll ir schrieb am Thu, 10 Aug 2006 20:53:46 +0000:

Sanitize Variabel $cfgLanguage in edit.php , functions.php , new.php ,
PageBottom.php 

& PageTop.php


Take a look at config.php:

$cfgLanguage    = 'uk';                                         // Which language do you prefer :
                                                                //      uk = English
                                                                //      nl = Dutch
                                                                //      de = German


config.php is included in edit.php, new.php, PageBottom.php 
and PageTop.php at the top of the file, in functions.php at
the top of relevant functions.

No way to include something with cfgLanguage.

Regards
 Carste

-- 
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz

<http://www.ceilers-it.de>

Current thread:

Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability sh3ll (Aug 11)
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability Carsten Eilers (Aug 14)
- <Possible follow-ups>
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability noname (Aug 14)
- Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability securityfocus (Aug 21)