Bugtraq mailing list archives
Re: ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include
From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Thu, 24 Aug 2006 00:51:34 +0200
Hi, h4ck3riran () yahoo com schrieb am Sun, 20 Aug 2006 07:52:31 +0000:
ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include----------------------------------------------Source :include($tcms_administer_site.'/tcms_global/database.php')
This is from index.php? Near the top of this script the variable is initalized: | include_once('site.php'); | $tcms_administer_site = $tcms_site[0]['path']; After that I found no way to manipulate $tcms_administer_site, so I see no vulnerability. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>
Current thread:
- ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include h4ck3riran (Aug 21)
- Re: ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include Carsten Eilers (Aug 24)