Hello, El jue, 13-07-2006 a las 01:35 +0000, matdhule@xxxxxxxxx escribió: > > require_once( $mosConfig_absolute_path . > '/includes/domit/xml_domit_lite_include.php' ); > > ------------------------------------------------------------ > > Variables $mosConfig_absolute_path are not properly sanitized. When > register_globals=on > and allow_fopenurl=on an attacker can exploit this vulnerability with > a > simple php injection script. I think that even if allow_fopenurl is not on you can open remote files by using UNC style paths, such as \\mymachine\myresource\, of course, under Win32 environments. -- Zer gutxi balio duen langileen bizitza
Attachment:
signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente