Bugtraq mailing list archives
Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include
From: simo () morx org
Date: Sat, 28 Oct 2006 16:59:17 -0000 (GMT)
Already reported a year ago by Maksymilian Arciemowicz. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2635 http://www.securityfocus.com/bid/14584 http://securityreason.com/achievement_securityalert/21
Sorry this report is bogus.. the only require/include statement that utilizes that variable is line 188: require(phpAds_path.'/libraries/layerstyles/'.$layerstyle.'/layerstyle.inc.php'); The only possibility is local file include, with null byte bug in php interpreter. But local file include is thwarted with a regular expression.
-- Simo Ben youssef MorX Security Research Team www.morx.org
Current thread:
- phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include zooz_998 (Oct 27)
- <Possible follow-ups>
- Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include emme0032 (Oct 28)
- Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include simo (Oct 30)