Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability
From: Stefano Zanero <s.zanero@xxxxxxxxxxxxxxxx>
Date: Wed, 24 Jan 2007 11:13:37 +0100
In-reply-to: <BAY20-F8333DA7AE4A23638D8280BFAF0@xxxxxxx>
Organization: Secure Network S.r.l.
References: <BAY20-F8333DA7AE4A23638D8280BFAF0@xxxxxxx>
User-agent: Thunderbird 1.5.0.9 (X11/20061223)

> FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability

Bogus. You really don't know what you are doing, as others pointed out.

> code :
> include("$fpath/forum.php");

That variable is initialized two lines above, so this is BOGUS.

Stefano

References:
- FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability
  - From: me you

Prev by Date: Re: Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability
Next by Date: Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
Previous by thread: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability
Next by thread: [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux