[bug] Remote include file .... [bug] Remote include file ....
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

[bug] Remote include file ....

Started by tuxsoul, March 09, 2007, 07:32:39 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

tuxsoul

Hi,  i see in securityfocus a new report of bug, can developer's check please  :)

http://www.securityfocus.com/archive/1/462322/30/0/threaded
¿do you like my comment?, gift me one bitcoin: 1266FWznbEW1uLNPsLU9ATBxGuM1U19thB
bitcoin pay forward project: 15pjRCNT2CpzVo7HQ6b6r4q18Vv4Da7y9K

Joachim Müller

Valid report, moving to bugs section. Needs looking into, please stay tuned for the fix.

Nibbler

There are no vulnerabilities here, seems to be the result of an automated code scanner.

Joachim Müller

Imo there are vulnerabilities on certain, unsecure server-setups, with the vars in the URL not being defined within the script under all circumstances. Best practise is to define all vars used, particularly those that are being used as a path or the ones sent to the shell using exec.
The fixes for the vulnerabilities are easy: just add $cmd = '';and similar to the top of the pages that are being mentioned.
Imo this should be fixed, and yes, they even justify a maintenance release imo.

Nibbler

Well that is what they scanned for, but I didn't find any cases which were actually exploitable. They were contained within functions so no injected variables would be in scope. I agree they should be fixed but I don't think it warrants a release unless the flaws can actually be abused. Maybe I missed something.

Joachim Müller

Yes, they reside within functions, you're right.