D3nGeR (at) Gmail (dot) CoM [email concealed] schrieb am Fri, 25 Aug 2006 22:50:11 +0000:
>#####################################
>#############################################
>
>#Jupiter CMS 1.1.5 index.php Remote File Include
>
># the code
>
>#$template = "default";
>
># include "templates/$template/id.php";
Nice try. But as you wrote yourself: $template is
initalized with "default", so what happens to your
template=[Evil Code]? Right, it's overwritten, gone,
away.
The result: No vulnerability.
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
D3nGeR (at) Gmail (dot) CoM [email concealed] schrieb am Fri, 25 Aug 2006 22:50:11 +0000:
>#####################################
>#############################################
>
>#Jupiter CMS 1.1.5 index.php Remote File Include
>
># the code
>
>#$template = "default";
>
># include "templates/$template/id.php";
Nice try. But as you wrote yourself: $template is
initalized with "default", so what happens to your
template=[Evil Code]? Right, it's overwritten, gone,
away.
The result: No vulnerability.
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
[ reply ]