[pLog-svn] [Lifetype Vulnerability] Very Serious File Disclosure Problem (read passwords/config whatever you want)
Oscar Renalias
oscar at renalias.net
Wed Feb 14 10:44:47 EST 2007
I think it's enough giving out clues. I am not against being open
about security issues but I am against about nearly describing how to
do it.
I understand you're worried about your servers, but this is an open
list that anybody can read it and the last thing we want to do is
help all haxx0rz out there wreak havoc in vulnerable installations.
Bear in mind people that many people won't probably upgrade for weeks
or even months!
On 14 Feb 2007, at 16:55, Matt Wood wrote:
> Howard,
>
> This would be good reading for you...
>
> http://en.wikipedia.org/wiki/Null_character
>
> On 2/14/07, howard chen <howachen at gmail.com> wrote: On 2/14/07,
> Matt Wood <matt at woodzy.com> wrote:
> > It has to be relative because of smarty. And some smarty
> installations have
> > a "secure mode" (like lifetype.net) that won't allow access out of a
> > specified sandbox.
> >
> > The real major danger I see is revealing the db password. And if
> your shell
> > pass happened to be the same as that password, you are toast.
> >
>
> hello,
>
> isn't that the template must have the extension ended with .template?
> so you can only load any template you want...
>
> so how to load other non-template file such as config.properties.php ?
>
> p.s.
> if you think it is too sensitive to tell right now....remember to
> provide the cause maybe after sometimes which most people have fixed
> this bug. :)
>
> this is useful for other projects as well.
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
More information about the pLog-svn
mailing list