[pLog-svn] [Lifetype Vulnerability] Very Serious File Disclosure Problem (read passwords/config whatever you want)

Matt Wood matt at woodzy.com
Wed Feb 14 09:55:16 EST 2007


Howard,

This would be good reading for you...

http://en.wikipedia.org/wiki/Null_character

On 2/14/07, howard chen <howachen at gmail.com> wrote:
>
> On 2/14/07, Matt Wood <matt at woodzy.com> wrote:
> > It has to be relative because of smarty. And some smarty installations have
> > a "secure mode" (like lifetype.net) that won't allow access out of a
> > specified sandbox.
> >
> > The real major danger I see is revealing the db password. And if your shell
> > pass happened to be the same as that password, you are toast.
> >
>
> hello,
>
> isn't it that the template must have an extension ending with .template?
> so you can only load any template you want...
>
> so how to load other non-template file such as config.properties.php?
>
> p.s.
> if you think it is too sensitive to tell right now... remember to
> provide the cause maybe after some time, when most people have fixed
> this bug. :)
>
> this is useful for other projects as well.
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>
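The thread points at the null character as the reason a ".template" suffix check does not stop loading of files such as config.properties.php: the check sees the suffix, but a C-level file call truncates the path at the first NUL byte. The following is an added illustration, not code from Lifetype or from either poster; it contrasts a suffix-only check with a validator that rejects NUL bytes and confines the resolved path to a template sandbox (the TEMPLATE_ROOT directory is a hypothetical layout).

```python
import posixpath
from typing import Optional

# Hypothetical sandbox directory; not Lifetype's real layout.
TEMPLATE_ROOT = "/var/www/lifetype/templates"


def naive_is_template(name: str) -> bool:
    """Suffix-only check of the kind the thread describes.

    It is satisfied by any string ending in '.template', including one
    that carries an embedded NUL byte before that suffix.  A filesystem
    call implemented on C strings stops reading at the NUL, so the file
    actually opened is whatever precedes it.
    """
    return name.endswith(".template")


def safe_template_path(name: str, root: str = TEMPLATE_ROOT) -> Optional[str]:
    """Return the resolved template path, or None if the name is unsafe."""
    # 1. Refuse NUL bytes outright: the suffix we inspect must be the
    #    suffix the operating system will see.
    if "\0" in name:
        return None
    # 2. Only template files may be loaded.
    if not name.endswith(".template"):
        return None
    # 3. Resolve against the sandbox and confirm the result is still
    #    inside it (covers '..' segments and absolute paths).
    candidate = posixpath.normpath(posixpath.join(root, name))
    if not candidate.startswith(root + "/"):
        return None
    return candidate
```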

