Re: Simple PHP scanning ..: msg#00026

On Sun, Mar 20, 2005 at 01:58:51AM +0100, Gerardo Di Giacomo wrote: > Ulf Harnhammar wrote: > > include("templatedir/$file"); > > with this you can do > > file=../../../../../../../../../../../../../etc/passwd > > directory traversal and get any (readable) file from the server. > > Not the same vulnerability, but a vulnerability :) Yes, that's true. What about a command line option for choosing whether you want to see all includes containing variables or just the ones that might be remote inclusion bugs? // Ulf

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Simple PHP scanning .., Javier Fernández-Sanguino Peña
Next by Date:	Re: Simple PHP scanning .., Gerardo Di Giacomo
Previous by Thread:	Re: Simple PHP scanning .., Gerardo Di Giacomo
Next by Thread:	Re: Simple PHP scanning .., Javier Fernández-Sanguino Peña
Indexes:	[Date] [Thread] [Top] [All Lists]

^^^ ADDITIONAL NAVIGATION ^^^

Recently Viewed:
emacs.dvc.devel... java.displaytag... ietf.rfc822/199... linux.altlinux.... redhat.fedora.r... python.ctypes/2... video.panorama/... freedesktop.xor... audio.emagic.lo... netbsd.devel.us... documentation.t... yellowdog.gener... gnome.mono.mono... bacula.user/200... shells.bash.bug... xfree86.devel/2... culture.bicycle... mozilla.devel.n... web.squid.gener... user-groups.gul... kde.amarok.bugs... org.user-groups... handhelds.linux... tex.context/200...

Home | blog view, Court Document Archive | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo