Re: LFI On SMF 1.1.3

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: LFI On SMF 1.1.3
From: jkloske@xxxxxxxxxxxxxx
Date: 18 Jul 2007 00:51:53 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Let me preface this by saying I'm not a security expert, however considering 
that the above line is immediately preceeded by:

if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']]))

...with a default action defined by either the theme or the the SMF software 
itself (causing the LFI statement to never be reached), and that $actionArray 
is statically defined beforehand; is this really an LFI vulnerability, or just 
something that looks like the LFI pattern on the surface?

Follow-Ups:
- Re: LFI On SMF 1.1.3
  - From: Cornelius Riemenschneider

Prev by Date: ASA-2007-016: Remote crash vulnerability in Skinny channel driver
Next by Date: Re: iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability
Previous by thread: LFI On SMF 1.1.3
Next by thread: Re: LFI On SMF 1.1.3
Index(es):
- Date
- Thread