[geeklog-devel] 1.5 Installer stuff
Joe Mucchiello
joe at ThrowingDice.com
Fri Oct 12 02:08:41 EDT 2007
At 11:06 PM 10/11/2007, Blaine Lang wrote:
>Joe Mucchiello wrote:
>>Example:
>>http://example.com/geeklog/languages/english.php?_CONF[site_admin_url]=http://evil.com
>>
>It may be just late for me but I will ask the question anyways.
>What vulnerability does the above create - as this is very different
>then a remote file include vulnerbility. If someone wants to run
>english.php and change $_CONF['site_admin_url'] - what are they
>going to harm or see happen?
I don't claim there is a current vulnerability. I'm just saying that
now there is the potential for code to run in language files. Today
it's just a function call. Who knows what someone might be able to
make that do at some point in the future. It doesn't hurt to add the
"can't run this file" logic.
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
More information about the geeklog-devel
mailing list