[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability

To: me you <r.5.7@xxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability
From: Stefano Zanero <s.zanero@xxxxxxxxxxxxxxxx>
Date: Wed, 24 Jan 2007 11:13:37 +0100

> FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability

Bogus. You really don't know what you are doing, as others pointed out.

> code :
> include("$fpath/forum.php");

That variable is initialized two lines above, so this is BOGUS.

Stefano

References:
- FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability
  - From: me you

Prev by Date: Re: Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability
Next by Date: Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
Previous by thread: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability
Next by thread: [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution
Index(es):
- Date
- Thread