| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Re: XXS in script Phorum |
| From: | brian@phorum.org |
| Date: | 26 Feb 2007 22:44:34 -0000 |

Once again, a false report about Phorum. Please issue an apology ASAP.

1. upgradefiles as a var is only used inside a function. PHP does not take variables from the global scope for use in functions automatically.
2. 2 lines before that var is echoed, it is set by reading a file name from disk using the dir() function in PHP.
3. The dir() function reads from a hard coded, relative path on disk and does not use a variable.

Thanks for trying. If you find a real bug, please let us know. We strive to make Phorum as bug free as possible.
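
The three points in the reply above can be checked with a short PHP script. This is an added example, not Phorum source and not part of the original message; `UPGRADE_DIR`, `list_upgrade_files()` and the sample file names are hypothetical, and the global assignment stands in for what `register_globals` would create from a request parameter.

```php
<?php
// Constructed demo, not Phorum source. UPGRADE_DIR, list_upgrade_files() and
// the sample file names are hypothetical.

// Stand-in for the hard-coded upgrade directory, created so the demo runs offline.
define('UPGRADE_DIR', sys_get_temp_dir() . '/upgrade_demo_' . getmypid());
mkdir(UPGRADE_DIR);
foreach (['2007010101.php', '2007020101.php'] as $name) {
    touch(UPGRADE_DIR . '/' . $name);
}

// What register_globals would create from a request parameter "upgradefiles".
$upgradefiles = '<b>request-supplied</b>';

function list_upgrade_files(): array
{
    // Function scope: the global $upgradefiles is invisible here unless it is
    // imported with `global $upgradefiles;` or read through $GLOBALS.
    $global_visible = isset($upgradefiles);

    $upgradefiles = [];
    $d = dir(UPGRADE_DIR);              // path is a constant, not request data
    while ($d !== false && ($entry = $d->read()) !== false) {
        if ($entry !== '.' && $entry !== '..') {
            $upgradefiles[] = $entry;   // value comes from disk
        }
    }
    if ($d !== false) {
        $d->close();
    }
    sort($upgradefiles);
    return [$global_visible, $upgradefiles];
}

[$global_visible, $files] = list_upgrade_files();
var_dump($global_visible);              // was the global seen inside the function?
foreach ($files as $f) {
    // Escaping on output is still cheap hygiene for names read from disk.
    echo htmlspecialchars($f, ENT_QUOTES, 'UTF-8'), "\n";
}
var_dump($upgradefiles === '<b>request-supplied</b>');  // was the global left untouched?

// Remove the demo directory.
array_map('unlink', glob(UPGRADE_DIR . '/*'));
rmdir(UPGRADE_DIR);
```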