[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: phpLedAds 2.0(dir) File Include

To: mahmood ali <mah_k_2000@xxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: phpLedAds 2.0(dir) File Include
From: Stefano Zanero <s.zanero@xxxxxxxxxxxxxxxx>
Date: Wed, 01 Nov 2006 16:26:11 +0100

mahmood ali wrote:
> phpLedAds 2.0(dir) File Include

> Vulnerable Code:_
> 
> click.php & ledad.php & ledad_js.php

> In Line 41 :_
> 
> require_once($dir . '/ad_class.php');

Right above that:

        $dir = dirname(__FILE__);
        if(empty($dir)) {
                $dir = getcwd( );
        }
        if(empty($dir)) {
                $dir = '.';
        }

So, this is once again a case of LUGCS (Lame Usage of Google Code Search).

Flag as bogus, please...

(Gadi, how right are you...)

Stefano

Prev by Date: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech"
Next by Date: Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass
Previous by thread: Re: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech"
Next by thread: Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass
Index(es):
- Date
- Thread