bugtraq August 2007 archive
Main Archive Page > Month Archives  > bugtraq archives
bugtraq: Re: SPIP v1.7 Remote File Inclusion Bug

Re: SPIP v1.7 Remote File Inclusion Bug

From: Magnus Holmgren <holmgren_at_nospam>
Date: Fri Aug 24 2007 - 19:57:46 GMT
To: bugtraq@securityfocus.com


On Thursday 23 August 2007 12:04, system-errrror@hotmail.com wrote:
> ++ Bug in : "SPIP-v1-7r/inc-calcul.php3"
> ++-------------------------------------------------------------------------
> ++ Vlu Code: -----------------------------
> ++ || include($squelette_cache); ||
> ++ -----------------------------

Errr, that line is inside a function *and* the variable is even properly initialized. There's no way the mentioned exploit can work.

Furthermore, version 1.7 is over three years old. The most current version is 1.9.2. -- Magnus Holmgren holmgren@lysator.liu.se (No Cc of list mail needed, thanks) "Exim is better at being younger, whereas sendmail is better for Scrabble (50 point bonus for clearing your rack)" -- Dave Evans