|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability
maric_sasa
yahoo.com
Date: Wed Aug 30 2006 - 04:31:31 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This vulnerability is not that dangerous because, firstly, if you want to exploit it, you must have exact file tree and correct name of the malicious script because that variable is never used alone but always in concatanation with script name and generic extension and, secondly, if site has register_globals set to OFF, you cannot use this exploit at all...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]