Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include

To: Stefano Zanero <s.zanero@xxxxxxxxxxxxxxxx>
Subject: Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
From: Gadi Evron <ge@xxxxxxxxxxxx>
Date: Mon, 29 Jan 2007 13:00:15 -0600 (CST)
Cc: trzindan@xxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <45BD101B.3020105@xxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

How can we all automate the testing process for fake vulns in and list
them as such without overburdening OSVDB, CVE, Milworm and SecuriTeam?

On Sun, 28 Jan 2007, Stefano Zanero wrote:

> trzindan@xxxxxxxxxx wrote:
> 
> > local Calendar System v1.1 (lcStdLib.inc) Remote File Include
> 
> Fake vuln
> 
> > code :
> 
> The variables are set in config.php
> 
> > exploit:
> 
> You never tested them. Which is pretty lame.
> 
> Stefano
>

Follow-Ups:
- Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
  - From: Simple Nomad
- Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
  - From: Stefano Zanero

References:
- Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
  - From: Stefano Zanero

Prev by Date: Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion
Next by Date: Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects
Previous by thread: Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
Next by thread: Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
Index(es):
- Date
- Thread