dr.t3rr0r1st (at) yahoo (dot) com [email concealed] schrieb am Thu, 17 Aug 2006 21:14:13 +0000:
>ok , here we go
>
>
>foreach ($avail_types as $type) {
Here $type is set to the values of the
$avail_types-Elements and then
>include($type . ".plugin.php");
$type is used for include. Initialized with
elements of $avail_types.
>here's the source
I see. But I see no vulnerability.
>so what's the problem ? your source is correct but
>the source that i found the vuln. in it , shows that
>there is a Remote File Inclusion Vulnerabilite in
>your script
It's not my script.
But where's your inclusion vulnerability?
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
dr.t3rr0r1st (at) yahoo (dot) com [email concealed] schrieb am Thu, 17 Aug 2006 21:14:13 +0000:
>ok , here we go
>
>
>foreach ($avail_types as $type) {
Here $type is set to the values of the
$avail_types-Elements and then
>include($type . ".plugin.php");
$type is used for include. Initialized with
elements of $avail_types.
>here's the source
I see. But I see no vulnerability.
>so what's the problem ? your source is correct but
>the source that i found the vuln. in it , shows that
>there is a Remote File Inclusion Vulnerabilite in
>your script
It's not my script.
But where's your inclusion vulnerability?
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
[ reply ]