[VIM] true: [Full-disclosure] Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb)
Noam Rathaus
noamr at beyondsecurity.com
Tue Feb 13 04:53:01 EST 2007
Hi,
The vulnerability is there... pValid simply verifies that the page you
requested is the page being displayed, so I need to call my malware the same
as status.php or any of the other files found to be linked inside the PHP.
<snip>
$p = $_REQUEST['p'];
if( !$p ) $p="$cfg->defaultPage";
</snip>
<snip>
<?php
if( $pValid ) {
include "$p";
} else {
print "<div class=warning>$p is not a valid page...</div>";
}
?>
</snip>
--
Noam Rathaus
CTO
1616 Anderson Rd.
McLean, VA 22102
Tel: 703.286.7725 extension 105
Fax: 888.667.7740
noamr at beyondsecurity.com
http://www.beyondsecurity.com
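The pattern Noam quotes above (a client-supplied `p` that ends up in `include "$p"`, guarded only by a check that the name matches a page the application links to) is the whole bug. The following is an added example, not code from php rrd browser (prb) or from either poster: it places that include-what-the-client-names shape beside an allow-list dispatcher. `PAGES_DIR`, `PAGE_MAP`, `resolve_page()` and the sample page names other than `status.php` are hypothetical, and the request values are constructed inputs.

```php
<?php
// Added example, not code from php rrd browser (prb). It contrasts the
// include-what-the-client-names pattern quoted in the mail with an
// allow-list dispatcher. PAGES_DIR, PAGE_MAP and resolve_page() are
// hypothetical names; the request values below are constructed inputs.

declare(strict_types=1);

// Hypothetical base directory holding the application's page fragments.
const PAGES_DIR = __DIR__ . '/pages';

// Allow-list: the only keys a client may select, each mapped to a fixed
// file name. status.php comes from the mail; the others are placeholders.
const PAGE_MAP = [
    'status' => 'status.php',
    'graph'  => 'graph.php',
    'config' => 'config.php',
];

/**
 * Vulnerable shape (same as the quoted prb code): whatever arrives in the
 * request parameter becomes the include target. A "validity" test that only
 * compares $p with the name the page links to does not help when the
 * attacker chooses $p, and a bare string lets "../" traversal and absolute
 * paths straight through to include.
 */
function vulnerable_page_path(array $request, string $default): string
{
    $p = $request['p'] ?? '';
    if ($p === '') {
        $p = $default;
    }
    return $p; // the original then does: include "$p";
}

/**
 * Hardened dispatcher: the client value is used only as an array key, never
 * as a path fragment. As defense in depth, realpath() confirms the chosen
 * file really lives under PAGES_DIR. Returns null on any miss, so the caller
 * can render an error instead of including anything.
 */
function resolve_page(array $request, string $default = 'status'): ?string
{
    $key = $request['p'] ?? $default;
    // $_REQUEST['p'] may be an array (p[]=x); reject anything but a string.
    if (!is_string($key) || !array_key_exists($key, PAGE_MAP)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $file = realpath(PAGES_DIR . '/' . PAGE_MAP[$key]);
    if ($base === false || $file === false) {
        return null; // pages directory or the mapped file is missing on disk
    }
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved to somewhere outside the pages directory
    }
    return $file;
}

// Constructed requests: one legitimate page and two disclosure attempts.
$samples = [
    ['p' => 'status'],
    ['p' => '../../../../etc/passwd'],
    ['p' => '/etc/passwd'],
];

foreach ($samples as $req) {
    printf("p=%-26s vulnerable would include: %-26s hardened: %s\n",
        $req['p'],
        vulnerable_page_path($req, 'status.php'),
        resolve_page($req) ?? 'rejected');
}
```

Run it from the command line with a `pages/` directory beside the script to see the two traversal requests rejected while `status` resolves to an absolute path under that directory. The point is the lookup direction: the client picks a key, the server picks the file. Matching the client string against a list of "valid" names, as the mail describes pValid doing, still lets the string itself reach include, which is exactly what the report exploits.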
-------------- next part --------------
An embedded message was scrubbed...
From: Sebastian Wolfgarten <sebastian at wolfgarten.com>
Subject: [Full-disclosure] Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb)
Date: Sun, 11 Feb 2007 17:19:09 +0100
Size: 5968
Url: http://www.attrition.org/pipermail/vim/attachments/20070213/dca05f8c/attachment.mht