Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include

From: Francesco Laurita <francesco@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 30 Oct 2006 19:12:10 +0100

firewall1954@xxxxxxxxxxx ha scritto:

Affected software description :
Application : CentiPaid
version : 1.4.3
URL : http://www.centipaid.com/centi/download/centipaid_php-1.4.3.tar.gz

Code:centipaid_class.php

include($class_pwd.'/adodb/adodb.inc.php')

One line above:
$class_pwd = dirname(__FILE__);

$class_pwd is setted before include();

Mark it as bogus please
Regards

References:
- CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
  - From: firewall1954

Prev by Date: Multiple Remote File Include
Next by Date: unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products]
Previous by thread: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
Next by thread: Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
Index(es):
- Date
- Thread

Relevant Pages

Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability
... philip anselmo ha scritto: ... Please mark it as bogus. ... $cutepath is defined some lines above: ...
(Bugtraq)
Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability
... trzindan@xxxxxxxxxx ha scritto: ... Bogus! ... value (RTM) ... GNP_REAL_PATH is setted on line #39 (Open your eyes) ...
(Bugtraq)
Re: did you guys already see this?
... Sakari Lund ha scritto: ... Eurosport when Hingis went to show the mark in Graf's side that you ...
(rec.sport.tennis)
Re: Moderator discussion
... > -> seen any postings in I don't know how long here, ... Thanks, Mark, for your efforts! ... delete bogus to reply ... Prev by Date: ...
(comp.os.os2.moderated)
Re: Form with custom shape
... but I'm a bit worried about the mark took by this ... Niko ha scritto: ... Inviato da www.mynewsgate.net ...
(microsoft.public.dotnet.languages.csharp)