Re: phpMyConferences_8.0.2 Remote File Inclusion
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Are you kidding me? How can you use lvc_include_dir when it`s defined
one line above? And don`t tell that you can use ROOT_DIR_PATH instead of
lvc_include_dir ...
Outlaw@xxxxxxxxxxxxxxxxx wrote:
> $lvc_include_dir = ROOT_DIR_PATH."common/visiteurs/include/";
> include_once($lvc_include_dir.'new-visitor.inc.php');
>
> [...]
>
> #POC:
> http://site.com/{path}/init.php?lvc_include_dir=SHELL
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
iD8DBQFFP8KuqBhP+Twks7oRCol8AJkBZTu+QNwzVKE6nu1ga0d216Cw6wCfWeKd
by5FR8zv9eoOQ4SNTmVTqvU=
=GkMY
-----END PGP SIGNATURE-----