Re: phpLedAds 2.0(dir) File Include

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: phpLedAds 2.0(dir) File Include

Subject: Re: phpLedAds 2.0(dir) File Include
Date: Wed, 01 Nov 2006 16:26:11 +0100
From: Stefano Zanero <suppressed>

mahmood ali wrote:
> phpLedAds 2.0(dir) File Include

> Vulnerable Code:_
> 
> click.php & ledad.php & ledad_js.php

> In Line 41 :_
> 
> require_once($dir . '/ad_class.php');

Right above that:

	$dir = dirname(__FILE__);
	if(empty($dir)) {
		$dir = getcwd( );
	}
	if(empty($dir)) {
		$dir = '.';
	}

So, this is once again a case of LUGCS (Lame Usage of Google Code Search).

Flag as bogus, please...

(Gadi, how right are you...)

Stefano

Prev by Date: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech"
Next by Date: Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass
Previous by thread: Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech"
Next by thread: Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.