Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Ban v0.1 (bannieres.php) File Include
From: Francesco Laurita <francesco () francesco-laurita info>
Date: Sat, 28 Oct 2006 02:40:14 +0200

mahmood ali ha scritto:
In Line 13 :_

include "$chemin/includes/connexion.php" ;
Please, read source code better!
At line 11 the variable $chemin is setted as "."

Line 11:
$chemin = "." ;

Hower a security issue could be found at line 26 and line 32 where a sql injection is possible due to uncheked $id variable

Regards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]