Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability
From: Francesco Laurita <francesco@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Jan 2007 23:48:10 +0100
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20070129162448.22427.qmail@xxxxxxxxxxxxxxxxx>
References: <20070129162448.22427.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.5.0.9 (Windows/20061207)

trzindan@xxxxxxxxxx ha scritto:
> index.php
>
> include(GNP_REAL_PATH . 'includes/common.php');
>
>   
Bogus!
First: GNP_REAL_PATH is a constant which means it has an unchangeable
value (RTM)
Second: GNP_REAL_PATH is setted on line #39 (Open your eyes)

Regards
--
Francesco Laurita

References:
- gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability
  - From: trzindan

Prev by Date: Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability
Next by Date: PhP Generic library & framework (include_path) Remote File Include Exploit
Previous by thread: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability
Next by thread: Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux