Already reported a year ago by Maksymilian Arciemowicz. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2635 http://www.securityfocus.com/bid/14584 http://securityreason.com/achievement_securityalert/21 > Sorry this report is bogus.. > the only require/include statement that utilizes that variable is line > 188: > require(phpAds_path.'/libraries/layerstyles/'.$layerstyle.'/layerstyle.inc.php'); > > The only possibility is local file include, with null byte bug in php > interpreter. > > But local file include is thwarted with a regular expression. > -- Simo Ben youssef MorX Security Research Team www.morx.org
