[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability
From: maric_sasa@xxxxxxxxx
Date: 30 Aug 2006 09:31:31 -0000

This vulnerability is not that dangerous because, firstly, if you want to 
exploit it, you must have  exact file tree and correct name of the malicious 
script because that variable is never used alone but always in concatanation 
with script name and generic extension and, secondly, if site has 
register_globals  set to OFF, you cannot use this exploit at all...

Prev by Date: Re: Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities )
Next by Date: [SECURITY] [DSA 1165-1] New capi4hylafax packages fix arbitrary command execution
Previous by thread: Re: Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities )
Next by thread: [SECURITY] [DSA 1165-1] New capi4hylafax packages fix arbitrary command execution
Index(es):
- Date
- Thread