[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability
From: idontthinkso@xxxxxxxxxxx
Date: 19 Sep 2006 19:54:38 -0000

I fail to see how this affects PunBB. The first thing PunBB does after 
receiving an uploaded avatar is:

move_uploaded_file($uploaded_file['tmp_name'], 
$pun_config['o_avatars_dir'].'/'.$id.'.tmp')

After that, $uploaded_file['tmp_name'] isn't used anymore. Am I missing 
something here or what?

Prev by Date: White paper release: Bypassing network access control (NAC) systems
Next by Date: Innovate Portal v2.0 Index.PHP Xss Vuln.
Previous by thread: Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability
Next by thread: CMS.R. the Content Management System admin authentication baypass
Index(es):
- Date
- Thread