BugTraq
SPIP v1.7 Remote File Inclusion Bug Aug 23 2007 10:04AM
system-errrror hotmail com (1 replies)
Re: SPIP v1.7 Remote File Inclusion Bug Aug 24 2007 07:57PM
Magnus Holmgren (holmgren lysator liu se)
On Thursday 23 August 2007 12:04, system-errrror (at) hotmail (dot) com wrote:
> ++ Bug in : "SPIP-v1-7r/inc-calcul.php3"
> ++-------------------------------------------------------------------------
> ++ Vlu Code: -----------------------------
> ++ || include($squelette_cache); ||
> ++ -----------------------------

Errr, that line is inside a function *and* the variable is even properly
initialized. There's no way the mentioned exploit can work.

Furthermore, version 1.7 is over three years old. The most current version is
1.9.2.

--
Magnus Holmgren holmgren (at) lysator.liu (dot) se
(No Cc of list mail needed, thanks)

"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
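
The distinction drawn in the reply above (an `include` of a variable assigned inside a function, versus one read from global scope without initialization) can be checked mechanically when triaging reports of this kind. The following is an added example, not part of the thread and not SPIP code: the PHP sample is constructed, `triage_includes` and its verdict labels are hypothetical names, and it assumes PHP's `register_globals` is the only way a request could set the variable.

```python
import re
# Heuristic tokenizer: strings and comments are not skipped, so verdicts are triage hints.
TOKEN = re.compile(r'''
    (?P<func>\bfunction\s+&?\w+\s*\((?P<params>[^)]*)\))
  | (?P<glob>\bglobal\s+[^;]+;)
  | (?P<inc>\b(?:include|require)(?:_once)?\s*\(?\s*\$(?P<ivar>\w+))
  | (?P<asg>\$(?P<avar>\w+)\s*=(?![=>]))
  | (?P<open>\{) | (?P<close>\})
''', re.X)

def triage_includes(src):
    """Return (line, variable, verdict) for each include/require of a bare variable."""
    out, depth, pending, fn, global_assigned = [], 0, None, None, set()
    for m in TOKEN.finditer(src):
        if m.group('func') and fn is None:
            pending = set(re.findall(r'\$(\w+)', m.group('params')))
        elif m.group('open'):
            depth += 1
            if pending is not None:          # this brace opens a function body
                fn = dict(depth=depth, params=pending, assigned=set(), imported=set())
                pending = None
        elif m.group('close'):
            if fn and fn['depth'] == depth:  # this brace closes the function body
                fn = None
            depth -= 1
        elif m.group('glob') and fn:         # "global $x;" re-exposes the global
            fn['imported'] |= set(re.findall(r'\$(\w+)', m.group('glob')))
        elif m.group('asg'):
            (fn['assigned'] if fn else global_assigned).add(m.group('avar'))
        elif m.group('inc'):
            var = m.group('ivar')
            if fn and var not in fn['imported']:   # function-local name
                verdict = ('LOCAL_ASSIGNED' if var in fn['assigned'] else
                           'PARAM_REVIEW_CALLERS' if var in fn['params'] else 'LOCAL_UNSET')
            else:   # global scope: only an unassigned name can be set by register_globals
                known = var in global_assigned or (fn and var in fn['assigned'])
                verdict = 'GLOBAL_ASSIGNED' if known else 'GLOBAL_UNSET'
            out.append((src.count('\n', 0, m.start()) + 1, var, verdict))
    return out

# Constructed sample, not SPIP source; only the name $squelette_cache comes from the thread.
SAMPLE = '''<?php
include($header_file);
function render($fond) {
    $squelette_cache = "CACHE/" . md5($fond) . ".php3";
    include($squelette_cache);
}
function legacy() { global $plugin_path; include($plugin_path); }
'''
```

`LOCAL_ASSIGNED` is the situation the reply describes. Only `GLOBAL_UNSET` findings match the pattern such a report relies on, and an assigned variable still needs a look at where its value comes from.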

Copyright 2010, SecurityFocus