|
Bugtraq
mailing list archives
Re: phpMyConferences <= 8.0.2 Remote File Inclusion
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 2 Nov 2006 21:00:36 -0500 (EST)
mfp.c,
In 8.0.2, the surrounding code for this bug is:
function insert_cached_module($module_desc)
{
...
global $lvc_modules_dir;
...
if (!$gloaded_modules[$module_name])
{
include($lvc_modules_dir.'/'.$module_name.'.module.php');
Since this include is within a function definition, the claimed
exploit (direct request to library.inc.php) should not work.
I'm unclear on whether a global declaration for a variable within a
function definition is sufficient to override initialization from
things like GET requests, but at best, the direct request to
library.inc.php appears erroneous.
Were you able to get an exploit to work?
- Steve
 By Date 
By Thread
Current thread:
- Re: phpMyConferences <= 8.0.2 Remote File Inclusion Steven M. Christey (Nov 03)
|
Intro
