|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Jupiter CMS 1.1.5 index.php Remote File Include
From: Carsten Eilers (ceilers-lists
gmx.de)
Date: Tue Aug 29 2006 - 17:12:25 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
D3nGeRGmail.CoM schrieb am Fri, 25 Aug 2006 22:50:11 +0000:
>#####################################
>#############################################
>
>#Jupiter CMS 1.1.5 index.php Remote File Include
>
># the code
>
>#$template = "default";
>
># include "templates/$template/id.php";
Nice try. But as you wrote yourself: $template is
initalized with "default", so what happens to your
template=[Evil Code]? Right, it's overwritten, gone,
away.
The result: No vulnerability.
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]