Bugtraq mailing list archives
Re: @cid stats v2.3 File Include
From: Heiko Wundram <admin () xencon net>
Date: Mon, 6 Nov 2006 18:30:07 +0100
Am Sonntag, 5. November 2006 23:33 schrieb mahmood ali:
<snip bullcrap>
Completely bogus. If you look closely, the corresponding code in install.php3 is used to create a config file which contains a statement setting $repertoire (from a user input, so here is your injection attack for an install script, which is pretty much what you want, I'd guess). Anyway, if you don't delete install.php3 after the installation is complete, it's your own fault. -- --- Heiko Wundram. x|encon Support der Gehrkens.IT GmbH FON 0511-59027955 | http://www.gehrkens.it FAX 0511-59027956 | http://www.xencon.net Gehrkens.IT GmbH Mailänder Strasse 2 30539 Hannover
Attachment:
_bin
Description:
Current thread:
- @cid stats v2.3 File Include mahmood ali (Nov 06)
- Re: @cid stats v2.3 File Include Heiko Wundram (Nov 06)