BugTraq
Back to list
|
Post reply
Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability
Aug 10 2006 08:53PM
sh3ll sh3ll ir
(1 replies)
Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability
Aug 13 2006 12:31PM
Carsten Eilers (ceilers-lists gmx de)
sh3ll (at) sh3ll (dot) ir [email concealed] schrieb am Thu, 10 Aug 2006 20:53:46 +0000:
>Sanitize Variabel $cfgLanguage in edit.php , functions.php , new.php ,
>PageBottom.php
>
>& PageTop.php
Take a look at config.php:
$cfgLanguage = 'uk'; // Which language do you prefer :
// uk = English
// nl = Dutch
// de = German
config.php is included in edit.php, new.php, PageBottom.php
and PageTop.php at the top of the file, in functions.php at
the top of relevant functions.
No way to include something with cfgLanguage.
Regards
Carste
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
>Sanitize Variabel $cfgLanguage in edit.php , functions.php , new.php ,
>PageBottom.php
>
>& PageTop.php
Take a look at config.php:
$cfgLanguage = 'uk'; // Which language do you prefer :
// uk = English
// nl = Dutch
// de = German
config.php is included in edit.php, new.php, PageBottom.php
and PageTop.php at the top of the file, in functions.php at
the top of relevant functions.
No way to include something with cfgLanguage.
Regards
Carste
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
[ reply ]