Bugtraq mailing list archives

Re: LFI On SMF 1.1.3

From: Cornelius Riemenschneider <c.r1 () gmx de>
Date: Wed, 18 Jul 2007 19:03:52 +0000

jkloske () itee uq edu au schrieb:

Let me preface this by saying I'm not a security expert, however

considering that the above line is immediately preceeded by:


if (!isset($_REQUEST['action']) ||

!isset($actionArray[$_REQUEST['action']]))


...with a default action defined by either the theme or the the SMF

software itself (causing the LFI statement to never be reached), and
that $actionArray is statically defined beforehand; is this really an
LFI vulnerability, or just something that looks like the LFI pattern on
the surface?

It's NOT a security Vulnerability, false report, and @sirn0n, please
stop spamming, thx :)
Cornelius Riemenschneider
-- 

My source of power: www.humppa.com

Current thread:

LFI On SMF 1.1.3 sirn0n (Jul 17)
- <Possible follow-ups>
- Re: LFI On SMF 1.1.3 jkloske (Jul 18)
  - Re: LFI On SMF 1.1.3 Cornelius Riemenschneider (Jul 20)