Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities
Jan 15 2007 10:13PM
bmatheny mobocracy net
This is not a vulnerability. Since $languagepack is prefixed by "language/",
the PHP stream handler will simply try to open a local file. Also, you can
only modify $languagepack if register_globals is on, which, it rarely is
Can we stop with the PHP 'vulnerabilities' that aren't?
[ more ]
Copyright 2010, SecurityFocus