Bugtraq mailing list archives
Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability
From: idontthinkso () example com
Date: 19 Sep 2006 19:54:38 -0000
I fail to see how this affects PunBB. The first thing PunBB does after receiving an uploaded avatar is: move_uploaded_file($uploaded_file['tmp_name'], $pun_config['o_avatars_dir'].'/'.$id.'.tmp') After that, $uploaded_file['tmp_name'] isn't used anymore. Am I missing something here or what?
Current thread:
- ShAnKaR: multiple PHP application poison NULL byte vulnerability 3APA3A (Sep 11)
- Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability Jerome Athias (Sep 12)
- <Possible follow-ups>
- Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability idontthinkso (Sep 19)