Bugtraq mailing list archives
Re: phpMyConferences_8.0.2 Remote File Inclusion
From: Tamriel <tamriel () gmx net>
Date: Wed, 25 Oct 2006 15:01:50 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Are you kidding me? How can you use lvc_include_dir when it`s defined one line above? And don`t tell that you can use ROOT_DIR_PATH instead of lvc_include_dir ... Outlaw () aria-security net wrote:
$lvc_include_dir = ROOT_DIR_PATH."common/visiteurs/include/"; include_once($lvc_include_dir.'new-visitor.inc.php'); [...] #POC: http://site.com/{path}/init.php?lvc_include_dir=SHELL
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFFP8KuqBhP+Twks7oRCol8AJkBZTu+QNwzVKE6nu1ga0d216Cw6wCfWeKd by5FR8zv9eoOQ4SNTmVTqvU= =GkMY -----END PGP SIGNATURE-----
Current thread:
- phpMyConferences_8.0.2 Remote File Inclusion Outlaw (Oct 25)
- Re: phpMyConferences_8.0.2 Remote File Inclusion Tamriel (Oct 25)