Date: Mon, 6 Nov 2006 18:30:07 +0100
From: Heiko Wundram <admin@...con.net>
To: bugtraq@...urityfocus.com
Subject: Re: @cid stats v2.3  File Include

On Sunday, 5 November 2006 23:33, mahmood ali wrote:
> <snip bullcrap>

Completely bogus.

If you look closely, the corresponding code in install.php3 is used to create 
a config file which contains a statement setting $repertoire (from a user 
input, so here is your injection attack for an install script, which is 
pretty much what you want, I'd guess). Anyway, if you don't delete 
install.php3 after the installation is complete, it's your own fault.

-- 
--- Heiko Wundram.

x|encon Support der
Gehrkens.IT GmbH

FON 0511-59027955 | http://www.gehrkens.it
FAX 0511-59027956 | http://www.xencon.net

Gehrkens.IT GmbH
Mailänder Strasse 2
30539 Hannover
