|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability
From: Steven M. Christey (coley
mitre.org)
Date: Wed Sep 06 2006 - 18:19:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>This vulnerability is not that dangerous because, firstly, if you want
>to exploit it, you must have exact file tree and correct name of the
>malicious script because that variable is never used alone but always
>in concatanation with script name and generic extension
In a typical PHP exploit scenario, the attacker could merely add a
null byte ("%00") to the phpbb_root_path parameter, which would then
cause the include call to ignore this extra file tree/name
information. Is there some reason why a null byte wouldn't work in
this situation?
- Steve
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]