small security problem in anycontent.php small security problem in anycontent.php
 

News:

CPG Release 1.6.28
added submissions from {406man}
cleaned up a few PHP (8.4) deprecations
fixed PHP deprecation in calendar
removed security vulnerability
(please upgrade when possible)

Main Menu

small security problem in anycontent.php

Started by Andi, December 12, 2004, 07:18:45 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Andi

December 12, 2004, 07:18:45 PM Last Edit: December 14, 2004, 07:48:56 AM by GauGau
Hi :)

if you open the file anycontent.php directly, the following message appears:

QuoteFatal error: Call to undefined function starttable() in xxx\anycontent.php on line 32

Version:
anycontent.php,v 1.10 2004/09/25 19:09:40 caspershadow
hope, I could help you... :)

Casper

#1
December 12, 2004, 08:15:33 PM
Yes, but anycontent.php is not designed to be called directly.  It works fine when used as designed.

How is this a security problem?


It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Andi

#2
December 12, 2004, 08:19:15 PM
QuoteHow is this a security problem?

Hi :)

so called "full path disclosure"
hope, I could help you... :)

kegobeer

#3
December 12, 2004, 08:40:22 PM Last Edit: December 12, 2004, 08:49:13 PM by kegobeer
Fixed easily enough with
Code Select
if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

#4
December 14, 2004, 07:48:41 AM
committed to devel branch.

Joachim
Print
Go Up Pages1
User actions