Re: Smarty-2.6.1 Remote File Include Vulnerabilities
On Mon, 2006-10-23 at 16:30 +0000, crackers_child@xxxxxxxxxxxxxxxxxxx
> <?php
>
> require_once './config.php';
> require_once SMARTY_DIR . 'Smarty.class.php';
> require_once 'PHPUnit.php';
SMARTY_DIR is a constant, isn't it?
>
>
> http://www.site.com/Smarty-2.6.14/unit_test/test_cases.php?SMARTY_DIR=Sh3ll?
>
But you are passing a variable with value "Sh3ll".
And since variable != constant it won't work, at least in the piece of
code you gave us.
Where is the bug?
--
La civilización no suprime la barbarie, la perfecciona. -Voltaire
http://xiam.underlife.org
__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
Regístrate ya - http://correo.yahoo.com.mx/