local file inclusion vulnerability
Brought to you by:
tsvetozar
Menu
▾
▴
#3 local file inclusion vulnerability
open
nobody
None
5
2008-07-03
2008-07-03
Anonymous
No
if a user uploads a php file it can be executed through this script <= 1.3.1
defs.php line 49: @include("langs/$_GET[l].php");
to fix this add this code at line 44:
$lang_tbl=array('en','bg','de','nl','fr','it','ru'); // valid languages
if(isset($_GET['l'])&&in_array($_GET['l'],$lang_tbl))$lang_inc=$_GET['l'].".php";
else $lang_inc='en.php'; // default to en on error
and replace line 49 with:
@include("langs/$lang_inc");
Logged In: NO
Does release 1.3.2 address and correct this vulnerability?
Logged In: YES
user_id=1084256
Originator: NO
This is interesting find. Did a vulnerability exist and was it corrected in version 1.3.2?
Original poster here, version 1.3.2 does not address this issue, the vulnerability still exists, i suggest you manually patch your copies until the developer bothers to read the bug reports.