Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability Sep 19 2006 07:54PM
idontthinkso example com
I fail to see how this affects PunBB. The first thing PunBB does after receiving an uploaded avatar is:

move_uploaded_file($uploaded_file['tmp_name'], $pun_config['o_avatars_dir'].'/'.$id.'.tmp')

After that, $uploaded_file['tmp_name'] isn't used anymore. Am I missing something here or what?

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus