Re: Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability
sh3ll@xxxxxxxx schrieb am Thu, 10 Aug 2006 20:53:46 +0000:
>Sanitize Variabel $cfgLanguage in edit.php , functions.php , new.php ,
>PageBottom.php
>
>& PageTop.php
Take a look at config.php:
$cfgLanguage = 'uk'; // Which
language do you prefer :
// uk =
English
// nl =
Dutch
// de =
German
config.php is included in edit.php, new.php, PageBottom.php
and PageTop.php at the top of the file, in functions.php at
the top of relevant functions.
No way to include something with cfgLanguage.
Regards
Carste
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>