Re: Gstebuch Version 1.5 Remote Command Execution Vulnerability
- From: "Carsten Eilers" <ceilers-lists@xxxxxx>
- Date: Fri, 10 Aug 2007 22:10:26 +0200
ilkerkandemir@xxxxxxxxx schrieb am Fri, 10 Aug 2007 09:57:48 +0000:
echo "<meta http-equiv='refresh' content='0;URL=install.php'>";
redirecting brotha ;)
Not RFI
Nice try, but you should read the lines above the redirection, too:
| <?php
| session_start();
| include($config["root_ordner"].'config.php');
| if (file_exists($root_ordner.'install.php'))
| {
| echo "<meta http-equiv='refresh' content='0;URL=install.php'>";
| exit;
| }
Your redirection is in line 6, the RFI in line 3.
First hit wins: RFI. ;-)
Regards,
Carsten
- References:
- Re: Gstebuch Version 1.5 Remote Command Execution Vulnerability
- From: ilkerkandemir
- Re: Gstebuch Version 1.5 Remote Command Execution Vulnerability
- Prev by Date: Re:Re: [ELEYTT] 3SIERPIEN2007
- Next by Date: [ MDKSA-2007:156 ] - Updated imlib2 packages fix several issues
- Previous by thread: Re: Gstebuch Version 1.5 Remote Command Execution Vulnerability
- Next by thread: Mapos Bilder Galerie Version 1.0 Remote Command Execution Vulnerability
- Index(es):
