
Re: SPIP v1.7 Remote File Inclusion Bug

From: Magnus Holmgren <holmgren(at)lysator.liu.se>
Date: Fri Aug 24 2007 - 15:57:46 EDT


On Thursday 23 August 2007 12:04, system-errrror@hotmail.com wrote:
> ++ Bug in : "SPIP-v1-7r/inc-calcul.php3"

> ++-------------------------------------------------------------------------

> ++ Vlu Code: -----------------------------
> ++ || include($squelette_cache); ||
> ++ -----------------------------

Errr, that line is inside a function *and* the variable is even properly initialized. There's no way the mentioned exploit can work.

Furthermore, version 1.7 is over three years old. The most current version is 1.9.2.

-- 
Magnus Holmgren        holmgren@lysator.liu.se
                       (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
Received on Sat Aug 25 11:29:08 2007
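
Added example, not part of the original message or of SPIP's code: a heuristic triage of the two conditions the reply checks, namely whether an include of a variable sits inside a function body and whether that variable is assigned earlier in the same scope. The PHP sample, its function names and the verdict strings are constructed for illustration, and the brace counting ignores strings and comments.

```python
import re

FUNC_RE = re.compile(r'\bfunction\s+\w+\s*\([^)]*\)\s*\{')
SINK_RE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?\s*\$(\w+)')

# Constructed PHP sample (not SPIP source): three include() sinks.
SAMPLE = r'''<?php
include($theme_file);
function render_page($fond) {
    $cache_file = "CACHE/" . md5($fond) . ".php";
    include($cache_file);
}
function legacy() {
    global $plugin;
    include($plugin);
}
'''

def function_bodies(src):
    """(start, end) offsets of each function body, found by brace counting."""
    spans = []
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        spans.append((m.end(), i))
    return spans

def triage(src):
    """Classify every include/require whose argument starts with a variable."""
    bodies = function_bodies(src)
    results = []
    for m in SINK_RE.finditer(src):
        var = m.group(1)
        body = next((b for b in bodies if b[0] <= m.start() < b[1]), None)
        before = src[body[0] if body else 0:m.start()]
        # "global $var;" binds the function's name to the global variable.
        is_global = body is None or re.search(
            r'\bglobal\b[^;]*\$' + var + r'\b', before) is not None
        assigned = re.search(r'\$' + var + r'\s*=(?!=)', before) is not None
        ok = not is_global and assigned
        results.append((var, "global" if is_global else "function", assigned,
                        "local and initialized" if ok else "needs review"))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A "local and initialized" verdict only says the variable itself is set inside the function; what the assigned value is built from still has to be read by hand.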

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:13:31 EDT

