sh3ll@xxxxxxxx schrieb am Mon, 7 Aug 2006 20:19:08 +0000: >-------------------------------------------------- > >Vulnerability: > >~~~~~~~~~~~~~ > >in index.php We Found Vulnerability Script > >----------index.php-------------------------------------- > >.... > ><?php > > include($rep_par_rapport_racine."inc/img.inc.php"); > > ?> > >... > >------------------------------------- This vulnerability doesn't exist, $rep_par_rapport_racine is initialized a few lines above this include. After the first reported wrong advisories from sh3ll@xxxxxxxx I take a look at his new ones last weekend (rainy sunday here :-)). As I reported yesterday: All execept one are wrong. Looking on the mails from last week, I found this one. Wrong, too, as expected. Shit happens. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>