Re: phpWebSite 0.10.2 Remote File Include Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: phpWebSite 0.10.2 Remote File Include Vulnerabilities
From: kevin@xxxxxxxxxxxxxxxx
Date: 11 Oct 2006 00:19:40 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This is a falsified vulnerability. PHPWS_SOURCE_DIR and PHPWS_HOME_DIR are 
defined constants, not variables, and passing values in the URL has no effect 
on their value inside phpWebSite.

Prev by Date: New tool release today - "wyd" - password profiling
Next by Date: CommunityPortals <= 1.0 Remote File Include Vulnerability
Previous by thread: phpWebSite 0.10.2 Remote File Include Vulnerabilities
Next by thread: eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities
Index(es):
- Date
- Thread