Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Smarty-2.6.1 Remote File Include Vulnerabilities
From: "J. Carlos Nieto" <xiamkong () yahoo com mx>
Date: Tue, 24 Oct 2006 08:50:07 -0500

On Mon, 2006-10-23 at 16:30 +0000, crackers_child () sibersavascilar com 


require_once './config.php';
require_once SMARTY_DIR . 'Smarty.class.php';
require_once 'PHPUnit.php';

SMARTY_DIR is a constant, isn't it?


But you are passing a variable with value "Sh3ll".

And since variable != constant it won't work, at least in the piece of
code you gave us.

Where is the bug?

La civilización no suprime la barbarie, la perfecciona. -Voltaire

Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
Regístrate ya - http://correo.yahoo.com.mx/ 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]