[geeklog-devel] 1.5 Installer stuff

Joe Mucchiello joe at ThrowingDice.com
Fri Oct 12 02:08:41 EDT 2007


At 11:06 PM 10/11/2007, Blaine Lang wrote:
>Joe Mucchiello wrote:
>>Example: 
>>http://example.com/geeklog/languages/english.php?_CONF[site_admin_url]=http://evil.com 
>>
>It  may be just late for me but I will ask the question anyways. 
>What vulnerability does the above create - as this is very different 
>then a remote file include vulnerbility. If someone wants to run 
>english.php and change $_CONF['site_admin_url'] - what are they 
>going to harm or see happen?

I don't claim there is a current vulnerability. I'm just saying that 
now there is the potential for code to run in language files. Today 
it's just a function call. Who knows what someone might be able to 
make that do at some point in the future. It doesn't hurt to add the 
"can't run this file" logic.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 




More information about the geeklog-devel mailing list