Re: SPIP v1.7 Remote File Inclusion Bug
- From: Magnus Holmgren <holmgren@xxxxxxxxxxxxxx>
- Date: Fri, 24 Aug 2007 21:57:46 +0200
On Thursday 23 August 2007 12:04, system-errrror@xxxxxxxxxxx wrote:
> ++ Bug in : "SPIP-v1-7r/inc-calcul.php3"
> ++-------------------------------------------------------------------------
> ++ Vlu Code: -----------------------------
> ++ || include($squelette_cache); ||
> ++ -----------------------------
Errr, that line is inside a function *and* the variable is even properly
initialized. There's no way the mentioned exploit can work.
Furthermore, version 1.7 is over three years old. The most current version is
1.9.2.
--
Magnus Holmgren holmgren@xxxxxxxxxxxxxx
(No Cc of list mail needed, thanks)
"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
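
The scoping argument in the reply above, as an added PHP example that is not part of the original message and is not SPIP code. Only the variable name $squelette_cache comes from the thread; the function names, the cache path and the sample URL are constructed, and register_globals is emulated because current PHP no longer has it.

```php
<?php
// Constructed demonstration, not SPIP code. Only $squelette_cache comes from
// the thread; every function name and the sample URL are hypothetical.

// register_globals was removed in PHP 5.4, so emulate it: each request
// parameter is copied into the global symbol table.
function simulate_register_globals(array $request): void {
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Case 1: what the reply describes. The variable is local to the function
// and assigned before use, so the injected global never reaches it.
function local_and_initialized(string $template): string {
    $squelette_cache = 'CACHE/' . md5($template) . '.php';
    return $squelette_cache;            // value include() would receive
}

// Case 2: local but never assigned. Function scope alone still hides the
// injected global; the variable is simply unset here.
function local_uninitialized(): string {
    return isset($squelette_cache) ? $squelette_cache : '(unset)';
}

// Case 3: the pattern that is exposed. Code that reads the variable from
// global scope (file-level code, or a function using "global") sees the
// request-supplied value.
function reads_global(): string {
    global $squelette_cache;
    return isset($squelette_cache) ? $squelette_cache : '(unset)';
}

simulate_register_globals(['squelette_cache' => 'http://injected.example/x.txt']);

// None of these call include(); they only report the path it would be given.
foreach (['local_and_initialized', 'local_uninitialized', 'reads_global'] as $fn) {
    $path = ($fn === 'local_and_initialized') ? $fn('article') : $fn();
    $tainted = (strpos($path, '://') !== false) ? 'request-controlled' : 'not request-controlled';
    echo str_pad($fn, 24), $path, "  [", $tainted, "]\n";
}
```

When triaging a reported include() of a variable, the two things to check are the ones the reply names: which scope the statement runs in, and whether the variable is assigned on every path before it.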