BugTraq
@cid stats v2.3 File Include Nov 05 2006 10:33PM
mahmood ali (mah_k_2000 hotmail com) (1 replies)
Re: @cid stats v2.3 File Include Nov 06 2006 05:30PM
Heiko Wundram (admin xencon net)
Am Sonntag, 5. November 2006 23:33 schrieb mahmood ali:
> <snip bullcrap>

Completely bogus.

If you look closely, the corresponding code in install.php3 is used to create
a config file which contains a statement setting $repertoire (from a user
input, so here is your injection attack for an install script, which is
pretty much what you want, I'd guess). Anyway, if you don't delete
install.php3 after the installation is complete, it's your own fault.

--
--- Heiko Wundram.

x|encon Support der
Gehrkens.IT GmbH

FON 0511-59027955 | http://www.gehrkens.it
FAX 0511-59027956 | http://www.xencon.net

Gehrkens.IT GmbH
Mailänder Strasse 2
30539 Hannover
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBFT3Emp5nRf799dfYRAqpwAJ9RPPYB3k4f0Neatyjz5hjXKt0XEwCgh7Rd
sHw+zi0/9kuIotG43INKHbY=
=ImfQ
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus