<<< Date Index >>> <<< Thread Index >>>

Re: Ban v0.1 (bannieres.php) File Include

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Ban v0.1 (bannieres.php) File Include
From: Francesco Laurita <francesco@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 28 Oct 2006 02:40:14 +0200
In-reply-to: <BAY105-F34378C20635962AB126D2CC2040@xxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <BAY105-F34378C20635962AB126D2CC2040@xxxxxxx>
User-agent: Mozilla Thunderbird 1.5.0.7 (Windows/20060909)

mahmood ali ha scritto:

In Line 13 :_

include "$chemin/includes/connexion.php" ;

Please, read source code better!
At line 11 the variable $chemin is setted as "."

Line 11:
$chemin = "." ;

Hower a security issue could be found at line 26 and line 32 where a sqlinjection is possible due to uncheked $id variable


Regards

References:
- Ban v0.1 (bannieres.php) File Include
  - From: mahmood ali

Prev by Date: [ MDKSA-2006:192 ] - Updated ruby packages fix DoS vulnerability
Next by Date: [ MDKSA-2006:191 ] - Updated screen packages fix vulnerability
Previous by thread: Ban v0.1 (bannieres.php) File Include
Next by thread: Thepeak File Upload v1.3 : Read file vulneability
Index(es):
- Date
- Thread