Re: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Fri, 6 Oct 2006 14:05:11 -0400 (EDT)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

There are some important errors in this post that appear to stem from
incomplete editing of a previous advisory for an unrelated product,
webnews (CVE-2006-5100).

The subject line says 1.4, but the version referenced at the end of
the post is 1.2.3, which is dated October 2, 2006; so there doesn't
appear to be any 1.4.

The subject line also mentions WN_BASEDIR, but the demonstration
exploit uses includeDir instead.

- Steve

Prev by Date: Details of Lotus Notes Java Applet vulnerabilities
Next by Date: Emek Portal v2.1 SQL Injection
Previous by thread: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit
Next by thread: [SECURITY] [DSA 1191-1] New Mozilla Thunderbird packages fix several vulnerabilities
Index(es):
- Date
- Thread