El jue, 13-07-2006 a las 01:35 +0000, matdhule (at) gmail (dot) com [email concealed] escribió:
>
> require_once( $mosConfig_absolute_path .
> '/includes/domit/xml_domit_lite_include.php' );
>
> ------------------------------------------------------------
>
> Variables $mosConfig_absolute_path are not properly sanitized. When
> register_globals=on
> and allow_fopenurl=on an attacker can exploit this vulnerability with
> a
> simple php injection script.
I think that even if allow_fopenurl is not on you can open remote files
by using UNC style paths, such as \\mymachine\myresource\, of course,
under Win32 environments.
--
Zer gutxi balio duen langileen bizitza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
El jue, 13-07-2006 a las 01:35 +0000, matdhule (at) gmail (dot) com [email concealed] escribió:
>
> require_once( $mosConfig_absolute_path .
> '/includes/domit/xml_domit_lite_include.php' );
>
> ------------------------------------------------------------
>
> Variables $mosConfig_absolute_path are not properly sanitized. When
> register_globals=on
> and allow_fopenurl=on an attacker can exploit this vulnerability with
> a
> simple php injection script.
I think that even if allow_fopenurl is not on you can open remote files
by using UNC style paths, such as \\mymachine\myresource\, of course,
under Win32 environments.
--
Zer gutxi balio duen langileen bizitza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQBEtps+U6rFMEYDrlERAjmNAJ4uQAKzv7BlW4Veabh9+xV+wTUHaQCgikYv
sd6HlCg3nCFYgjLKhJxjO+s=
=BPrW
-----END PGP SIGNATURE-----
[ reply ]