Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.
From: dinoboff@xxxxxxxxxxx
Date: 5 Aug 2006 11:07:13 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

>From Mark O'Sullivan, on http://lussumo.com/community/:
"Here is the code in question:

$WorkingDirectory = str_replace('\\', '/', getcwd()).'/';
$RootDirectory = str_replace('setup/', '', $WorkingDirectory);

// ...

// Include the old settings file if it is present (it just contains constants)
if (file_exists($RootDirectory.'conf/old_settings.php')) {
include($RootDirectory.'conf/old_settings.php');


As you can see, there is NO vulnerability. The variable used in the path is 
defined a few lines above the code from the original report, and is defined 
using PHP's getcwd(); function. There is absolutely NO user-input that could 
cause the vulnerability suggested, and the "proof of concept" provided cannot 
possibly work."

Prev by Date: Will Microsoft patch remarkable old Msjet40.dll issue?
Next by Date: RE: linksys WRT54g authentication bypass
Previous by thread: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.
Next by thread: [CYBSEC] TippingPoint detection bypass
Index(es):
- Date
- Thread