Bugtraq mailing list archives
Re: Fantastic News <=- (news.php) Remote File Include Vulnerability <- bogus... again
From: Mailinglists Address <mailinglist () expresshosting net>
Date: Mon, 22 Jan 2007 18:15:56 -0600
Author: BorN To K!LL
Maybe this person should be called "BorN To Gr3p" or "BorN To Post Fake and Pointl3ss ExploiTz!"
####################################################### Bug in :. news.php code : require_once($CONFIG['script_path']."functions/functions.php"); require_once($CONFIG['script_path']."functions/mysql.php"); require_once($CONFIG['script_path']."functions/template.php");
Two lines above the previous code is the following two lines: unset($CONFIG); require_once("config.php"); Once again... security auditing via grep doesn't give you enough information to post a complete and accurate bug/security report. Honestly, do you have a bash one liner that you just feed scripts to, that generates these bogus and pointless reports? It is getting to the point where I almost don't bother to check the code any more.
GreeTz to :.
M4d pr0ps to vim, grep and sed.
Current thread:
- Fantastic News <=- (news.php) Remote File Include Vulnerability me you (Jan 22)
- Re: Fantastic News <=- (news.php) Remote File Include Vulnerability <- bogus... again Mailinglists Address (Jan 23)