Bugtraq mailing list archives
Re: phpMyConferences <= 8.0.2 Remote File Inclusion
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 2 Nov 2006 21:00:36 -0500 (EST)
mfp.c, In 8.0.2, the surrounding code for this bug is: function insert_cached_module($module_desc) { ... global $lvc_modules_dir; ... if (!$gloaded_modules[$module_name]) { include($lvc_modules_dir.'/'.$module_name.'.module.php'); Since this include is within a function definition, the claimed exploit (direct request to library.inc.php) should not work. I'm unclear on whether a global declaration for a variable within a function definition is sufficient to override initialization from things like GET requests, but at best, the direct request to library.inc.php appears erroneous. Were you able to get an exploit to work? - Steve
Current thread:
- Re: phpMyConferences <= 8.0.2 Remote File Inclusion Steven M. Christey (Nov 03)