Re: Gstebuch Version 1.5 Remote Command Execution Vulnerability

Board: Bugtraq, posted 2007/08/13 14:40
ilkerkandemir@mynet.com wrote on Fri, 10 Aug 2007 09:57:48 +0000:
>echo "<meta http-equiv='refresh' content='0;URL=install.php'>";
>
>redirecting brotha ;)
>
>Not RFI

Nice try, but you should read the lines above the redirection, too:

| <?php
| session_start();
| include($config["root_ordner"].'config.php');
| if (file_exists($root_ordner.'install.php'))
| {
| echo "<meta http-equiv='refresh' content='0;URL=install.php'>";
| exit;
| }

Your redirection is in line 6, the RFI in line 3. First hit wins: RFI. ;-)

Regards,
Carsten
Article ID (AID): #16l_pJ00 (Bugtraq)
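The ordering argument in the reply above can be checked mechanically when auditing PHP source. The following is an added example, not part of the original post or of the Gstebuch code: a small Python heuristic that walks a file top to bottom and reports every include/require whose path uses a variable that no earlier line assigns, along with the line of the first `exit`. The function name `audit`, the regular expressions and the sample (the quoted header, one statement per line) are assumptions made for illustration.

```python
import re

# Constructed sample: the header quoted in the reply, one statement per line.
SAMPLE = '''<?php
session_start();
include($config["root_ordner"].'config.php');
if (file_exists($root_ordner.'install.php'))
{
echo "<meta http-equiv='refresh' content='0;URL=install.php'>";
exit;
}
'''

# Heuristic patterns (line based, not a PHP parser).
INCLUDE = re.compile(r'\b(include|require)(_once)?\b\s*\(?(?P<arg>[^;]*);', re.I)
ASSIGN = re.compile(r'\$(\w+)\s*(\[[^\]]*\]\s*)*=(?!=)')   # $x = ... or $x["k"] = ...
VAR = re.compile(r'\$(\w+)')
EXIT = re.compile(r'\b(exit|die)\b', re.I)


def audit(source):
    """Return (findings, first_exit_line).

    findings is a list of (line_no, variable) for each include/require whose
    path expression uses a variable not assigned on any earlier line.
    """
    assigned, findings, first_exit = set(), [], None
    for no, line in enumerate(source.splitlines(), 1):
        m = INCLUDE.search(line)
        if m:
            for var in VAR.findall(m.group('arg')):
                if var not in assigned:          # nothing above set it
                    findings.append((no, var))
        # Record assignments only after checking the include on this line.
        assigned.update(a.group(1) for a in ASSIGN.finditer(line))
        if first_exit is None and EXIT.search(line):
            first_exit = no
    return findings, first_exit


if __name__ == "__main__":
    findings, first_exit = audit(SAMPLE)
    for no, var in findings:
        print(f"line {no}: include path uses unassigned ${var} "
              f"(first exit is on line {first_exit})")
```

On the sample this reports the include on line 3, ahead of the redirect on line 6 and the `exit` on line 7; assigning `$config["root_ordner"]` from a fixed value before the include clears the finding.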