On 11/18/06, Stefano Zanero <s.zanero@xxxxxxxxxxxxxxxx> wrote:
Firewall1954@xxxxxxxxxxx wrote:
> # Phpjobscheduler 3.0 - Multiple Remote File Include by Firewall
Bogus
> # Code:
> include_once($installed_config_file)
include_once("functions.php"); some lines above includes a file which
statically sets that variable, so
> # ExPloit :
None of these work.
Please stop reporting bogus vulnerabilities ! Thanks !
Stefano
$installed_config_file = "config.inc.php"; if ($_REQUEST) foreach ($_REQUEST AS $key => $value) $$key = $value; The line below the variable being defined is what makes this vulnerable. Be safe, /str0ke