List:       oss-security
Subject:    Re: [oss-security] Re: DesktopOnNet 3 Beta LFI
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-02-27 20:46:59
Message-ID: 4F4BEBC3.8030307 () redhat ! com

On 02/27/2012 07:10 AM, Whitney Houston wrote:
> I forgot to say, I want a CVE number. Give it to me.
> 
> On Mon, Feb 27, 2012 at 2:10 PM, Whitney Houston
> <i4m4l1v3b17ch3z@gmail.com> wrote:
> 
>> Hello list
>>
>> I want to report a serious scary issue. I found this vulnerability that made
>> me fall off my chair and giggle like a silly slut.
>>
>> Project: http://sourceforge.net/projects/don3/
>>
>> <?php
>> require('system/switches.php');
>>
>> if
>> (file_exists('applications/'.$_GET["app"].'.don3app/'.$_GET["app"].'.php')){
>>         $appfile = $_GET["app"];
>>         $app_path = "applications/".$appfile.".don3app/";
>> } else {
>>         $appfile = "frontpage";
>>         $app_path = "applications/frontpage.don3app/";
>> }
>>
>> if (file_exists("library/$appfile.don3lib")){
>>         $topper_array = don3_read_don3lib($appfile.".don3lib");
>>         $title = $topper_array[0];
>> } else {
>>         $title = "ERROR T1";
>> }
>>
>>
>> $topper_includer = 'applications/'.$appfile.'.don3app/'.$appfile.'.php';
>>
>> ....
>>
>> include ($topper_includer);
>>
>>
>> Obviously I kept this bug super secret for many months but now I release it
>> for all, after my recent death.
>>
>> xx
>>


Can you please state which version(s) are vulnerable and which specific
files are vulnerable? Thanks.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
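
Added example, not part of the original thread and not DesktopOnNet's own code: a hardened form of the include logic quoted above, where `$_GET["app"]` is concatenated into the path passed to `include`. The helper name `don3_resolve_app` and the 64-character name limit are assumptions made for illustration; the `applications/<app>.don3app/<app>.php` layout and the `frontpage` fallback come from the quoted snippet.

```php
<?php
// Hypothetical helper (not from the project): resolve the "app" request
// parameter to a file that is safe to include, falling back to the front
// page the same way the quoted snippet does.
function don3_resolve_app($requested, $base_dir = 'applications')
{
    $fallback = 'frontpage';

    // 1. Allowlist the name. Rejects arrays, slashes, dots, NUL bytes and
    //    stream-wrapper prefixes before any path is built.
    if (!is_string($requested)
        || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        $requested = $fallback;
    }

    // 2. Build the path from the validated name only.
    $candidate = $base_dir . '/' . $requested . '.don3app/' . $requested . '.php';

    // 3. Canonicalise and confirm the result is still under $base_dir.
    //    This also catches symlinks that point outside the application tree.
    $root = realpath($base_dir);
    $real = realpath($candidate);
    if ($root === false || $real === false
        || strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        $requested = $fallback;
        $real = realpath($base_dir . '/' . $fallback . '.don3app/' . $fallback . '.php');
    }

    return array('app' => $requested, 'file' => $real);
}

$resolved = don3_resolve_app(isset($_GET['app']) ? $_GET['app'] : null);
$appfile  = $resolved['app'];   // validated name, safe to reuse in later paths

if ($resolved['file'] === false) {
    // Even the fallback is missing: fail closed instead of including anything.
    http_response_code(500);
    exit('application not found');
}

include $resolved['file'];
```

Because `$appfile` is also used to build the `library/$appfile.don3lib` path in the quoted code, the validated value returned by the helper should be the only one used from that point on.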