[VIM] True: XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability

George A. Theall theall at tenablesecurity.com
Wed Jun 13 17:55:00 UTC 2007

Previous message: [VIM] True: XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
Next message: [VIM] True: XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 06/13/07 13:52, Steven M. Christey wrote:

> Is authentication controlled by a variable setting?  If so, then maybe an
> exploit could be made to overwrite that variable and bypass
> authentication, too.

The authentication check happens before GPC variables are extracted.

George
-- 
theall at tenablesecurity.com

Previous message: [VIM] True: XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
Next message: [VIM] True: XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the VIM mailing list