Bugtraq mailing list archives
Re: SPIP v1.7 Remote File Inclusion Bug
From: Magnus Holmgren <holmgren () lysator liu se>
Date: Fri, 24 Aug 2007 21:57:46 +0200
On Thursday 23 August 2007 12:04, system-errrror () hotmail com wrote:
++ Bug in : "SPIP-v1-7r/inc-calcul.php3" ++------------------------------------------------------------------------- ++ Vlu Code: ----------------------------- ++ || include($squelette_cache); || ++ -----------------------------
Errr, that line is inside a function *and* the variable is even properly initialized. There's no way the mentioned exploit can work. Furthermore, version 1.7 is over three years old. The most current version is 1.9.2. -- Magnus Holmgren holmgren () lysator liu se (No Cc of list mail needed, thanks) "Exim is better at being younger, whereas sendmail is better for Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
Attachment:
_bin
Description:
Current thread:
- SPIP v1.7 Remote File Inclusion Bug system-errrror (Aug 23)
- Re: SPIP v1.7 Remote File Inclusion Bug Magnus Holmgren (Aug 25)