Re: phpMyConferences <= 8.0.2 Remote File Inclusion

From: Steven M. Christey (coleymitre.org)
Date: Thu Nov 02 2006 - 20:00:36 CST


mfp.c,

In 8.0.2, the surrounding code for this bug is:

  function insert_cached_module($module_desc)
  {
      ...
      global $lvc_modules_dir;
      ...
      if (!$gloaded_modules[$module_name])
          {
              include($lvc_modules_dir.'/'.$module_name.'.module.php');

Since this include is within a function definition, the claimed
exploit (direct request to library.inc.php) should not work.

I'm unclear on whether a global declaration for a variable within a
function definition is sufficient to override initialization from
things like GET requests, but at best, the direct request to
library.inc.php appears erroneous.

Were you able to get an exploit to work?

- Steve
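
An added example, not part of the original message and not phpMyConferences code: a hardened form of the include pattern quoted above, where the modules directory is a constant instead of a global variable and the module name is validated before it reaches the path. The constant name, function name, demo directory and sample module are assumptions made for illustration.

```php
<?php
// Added illustration; all names here are hypothetical.

// A constant is fixed by the script itself. Unlike an uninitialised global
// variable, it cannot be populated from request input.
define('MODULES_DIR', sys_get_temp_dir() . '/modules_demo');

// Defining this function executes nothing; the include only runs when
// some code path actually calls it.
function load_module_safely(string $module_name): bool
{
    // Accept simple names only: no slashes, dots, scheme prefixes or NUL bytes.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $module_name)) {
        return false;
    }
    $base = realpath(MODULES_DIR);
    $path = realpath(MODULES_DIR . '/' . $module_name . '.module.php');
    // realpath() returns false when the path does not resolve to an
    // existing local file.
    if ($base === false || $path === false) {
        return false;
    }
    // The resolved file must sit directly inside the modules directory.
    if (dirname($path) !== $base) {
        return false;
    }
    include_once $path;
    return true;
}

// Constructed sample input: one legitimate module on disk.
@mkdir(MODULES_DIR);
file_put_contents(
    MODULES_DIR . '/agenda.module.php',
    "<?php // constructed demo module\n"
);

var_dump(load_module_safely('agenda'));    // existing module name
var_dump(load_module_safely('../agenda')); // name containing path characters
var_dump(load_module_safely('missing'));   // well-formed name, no such file
```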