Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include

From: emme0032@xxxxxxx
Date: 28 Oct 2006 01:48:13 -0000

Sorry this report is bogus..
the only require/include statement that utilizes that variable is line 188:
require(phpAds_path.'/libraries/layerstyles/'.$layerstyle.'/layerstyle.inc.php');

The only possibility is local file include, with null byte bug in php interpreter.

But local file include is thwarted with a regular expression.

Prev by Date: [ MDKSA-2006:189 ] - Updated xsupplicant fixes possible remote root stack smash vulnerability
Next by Date: [ MDKSA-2006:188 ] - Updated mono packages fix vulnerability
Previous by thread: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include
Next by thread: Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include
Index(es):
- Date
- Thread

Relevant Pages

Re: Internet Explorer and Opera local zone restriction bypass
... but it seems to be a Flash Player MX plugin ... bug than IE bug, cause it stores cookies( ... >Microsoft Internet Explorer does not allow local file access by a remote host by default. ... >to set activex objects to execute arbitrary files, ...
(Bugtraq)
Re: phpAdsNew-2.0.8 <= (adlayer.php) Remote File Include
... Already reported a year ago by Maksymilian Arciemowicz. ... the only require/include statement that utilizes that variable is line ... But local file include is thwarted with a regular expression. ...
(Bugtraq)
Re: Net::FTP error when local file does not exist
... > when the local file does not exist. ... so the error message goes to STDERR via carp as you suspected. ... Not a bug, ...
(comp.lang.perl.modules)
Re: permission denied - fopen
... bird wrote: ... [big snip] ... > write data to MySQL database instead of a local file.) ... I doubt it's a bug. ...
(comp.lang.php)