News:

CPG Release 1.6.29
During HTML5 upload, keep pseudo blank code 200 messages from triggering error condition
added Russian language
correct failure to use theme menu icons in album manager
minor vulnerabilities mitigation

Main Menu

small security problem in anycontent.php

Started by Andi, December 12, 2004, 07:18:45 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Andi

December 12, 2004, 07:18:45 PM Last Edit: December 14, 2004, 07:48:56 AM by GauGau
Hi :)

if you open the file anycontent.php directly, the following message appears:

QuoteFatal error: Call to undefined function starttable() in xxx\anycontent.php on line 32

Version:
anycontent.php,v 1.10 2004/09/25 19:09:40 caspershadow
hope, I could help you... :)

Casper

#1
December 12, 2004, 08:15:33 PM
Yes, but anycontent.php is not designed to be called directly.  It works fine when used as designed.

How is this a security problem?


It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Andi

#2
December 12, 2004, 08:19:15 PM
QuoteHow is this a security problem?

Hi :)

so called "full path disclosure"
hope, I could help you... :)

kegobeer

#3
December 12, 2004, 08:40:22 PM Last Edit: December 12, 2004, 08:49:13 PM by kegobeer
Fixed easily enough with
Code Select
if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

#4
December 14, 2004, 07:48:41 AM
committed to devel branch.

Joachim
Print
Go Up Pages1
User actions