From: lcat <lcat@email.dp.ua>
To: bugtraq@securityfocus.com
Subject: Re: TGS CMS Remote Code Execution Exploit
Date: Mon, 11 Aug 2008 12:58:44 -0700
In-Reply-To: <20080803182143.25113.qmail@securityfocus.com>

Hello BugtraQ,

I tried to reproduce this advisory and found out that it's impossible.
When you create an index.php file, executing admin.template_engine.php, this index.php contains

    require_once("lib/template.class.php");

but this is the wrong file path, and executing index.php stops with the error

Warning: require_once(./lib/template.class.php)
Fatal error: require_once().

Good luck.