[VIM] Bogus - [CLBOX <= (signup.php header) Remote File Include Vulnerability]

George A. Theall theall at tenablesecurity.com
Mon Mar 19 11:18:55 UTC 2007

Previous message: [VIM] [ECHO_ADV_75$2007] Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability
Next message: [VIM] WebAPP Audit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In signup.php, we have:

   require "inc/lib.inc";
   @include "$header";

and at the base of the include file we see:

   $header = "../header.php";

While I haven't bothered to actually install the software, this sure 
looks bogus to me.

George
-- 
theall at tenablesecurity.com

Previous message: [VIM] [ECHO_ADV_75$2007] Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability
Next message: [VIM] WebAPP Audit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the VIM mailing list