<<< Date Index >>>     <<< Thread Index >>>

Re: LFI On SMF 1.1.3



jkloske@xxxxxxxxxxxxxx schrieb:
> Let me preface this by saying I'm not a security expert, however
considering that the above line is immediately preceeded by:
>
> if (!isset($_REQUEST['action']) ||
!isset($actionArray[$_REQUEST['action']]))
>
> ...with a default action defined by either the theme or the the SMF
software itself (causing the LFI statement to never be reached), and
that $actionArray is statically defined beforehand; is this really an
LFI vulnerability, or just something that looks like the LFI pattern on
the surface?
>
It's NOT a security Vulnerability, false report, and @sirn0n, please
stop spamming, thx :)
Cornelius Riemenschneider
-- 

My source of power: www.humppa.com