Re: LFI On SMF 1.1.3 Jul 18 2007 12:51AM
jkloske itee uq edu au (1 replies)
Let me preface this by saying I'm not a security expert, however considering that the above line is immediately preceeded by:

if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']]))

...with a default action defined by either the theme or the the SMF software itself (causing the LFI statement to never be reached), and that $actionArray is statically defined beforehand; is this really an LFI vulnerability, or just something that looks like the LFI pattern on the surface?

[ reply ]
Re: LFI On SMF 1.1.3 Jul 18 2007 07:03PM
Cornelius Riemenschneider (c r1 gmx de)


Privacy Statement
Copyright 2010, SecurityFocus