| To: | trzindan@hotmail.fr |
|---|---|
| Subject: | Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability |
| From: | Francesco Laurita <francesco@francesco-laurita.info> |
| Date: | Mon, 29 Jan 2007 23:48:10 +0100 |
| Cc: | bugtraq@securityfocus.com |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| In-reply-to: | <20070129162448.22427.qmail@securityfocus.com> |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
| References: | <20070129162448.22427.qmail@securityfocus.com> |
| User-agent: | Mozilla Thunderbird 1.5.0.9 (Windows/20061207) |
trzindan@hotmail.fr ha scritto: > index.php > > include(GNP_REAL_PATH . 'includes/common.php'); > > Bogus! First: GNP_REAL_PATH is a constant which means it has an unchangeable value (RTM) Second: GNP_REAL_PATH is setted on line #39 (Open your eyes) Regards -- Francesco Laurita |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | RBL - ASP (scripts with db) SQL injection, sn0oPy . team |
|---|---|
| Next by Date: | PhP Generic library & framework (include_path) Remote File Include Exploit, umutc4n |
| Previous by Thread: | gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability, trzindan |
| Next by Thread: | Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects, Chris Travers |
| Indexes: | [Date] [Thread] [Top] [All Lists] |