Bugtraq mailing list archives

Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability

From: Francesco Laurita <francesco () francesco-laurita info>
Date: Mon, 29 Jan 2007 23:48:10 +0100

trzindan () hotmail fr ha scritto:

index.php

include(GNP_REAL_PATH . 'includes/common.php');

Bogus!
First: GNP_REAL_PATH is a constant which means it has an unchangeable
value (RTM)
Second: GNP_REAL_PATH is setted on line #39 (Open your eyes)

Regards
--
Francesco Laurita

Current thread:

gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability trzindan (Jan 29)
- Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability Francesco Laurita (Jan 30)