<<< Date Index >>>     <<< Thread Index >>>

Re: SPIP v1.7 Remote File Inclusion Bug



On Thursday 23 August 2007 12:04, system-errrror@xxxxxxxxxxx wrote:
> ++ Bug in :  "SPIP-v1-7r/inc-calcul.php3"
> ++-------------------------------------------------------------------------
> ++ Vlu Code:  -----------------------------
> ++           || include($squelette_cache); ||
> ++            -----------------------------

Errr, that line is inside a function *and* the variable is even properly 
initialized. There's no way the mentioned exploit can work.

Furthermore, version 1.7 is over three years old. The most current version is 
1.9.2.

-- 
Magnus Holmgren        holmgren@xxxxxxxxxxxxxx
                       (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans

Attachment: pgpKmHZXbAikm.pgp
Description: PGP signature