[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include
From: simo64@xxxxxxxx
Date: 7 Nov 2006 03:35:34 -0000

in admin.php we have

..........
$include_path = dirname(__FILE__); // <== 
require_once $include_path."/admin/config.inc.php";
require_once $include_path."/lib/$DB_CLASS";
...........

At line 21 the variable $include_path is setted as 'dirname(__FILE__)' so 
remote file inclusion is not possible :)

Regards

Prev by Date: Re: Multiple vulnerabilities in SAP Web Application Server 6.40 and7.00
Next by Date: GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability
Previous by thread: Advanced Guestbook 2.3.1 (Admin.php) Remote File Include
Next by thread: VulnDisco Pack for Metasploit
Index(es):
- Date
- Thread