S-126: Members Area System 'view_func.php' Vulnerability


 
01-22-2008

Members Area System is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. The risk is MEDIUM. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.


GET_INCLUDED_FILES(3)                    1                    GET_INCLUDED_FILES(3)

get_included_files - Returns an array with the names of included or required files

SYNOPSIS
       array get_included_files (void )

DESCRIPTION
       Gets the names of all files that have been included using include(3), include_once(3), require(3) or require_once(3).

RETURN VALUES
       Returns an array of the names of all files. The script originally called is considered an "included file," so it will be listed together with the files referenced by include(3) and family. Files that are included or required multiple times only show up once in the returned array.

EXAMPLES
       Example #1 get_included_files(3) example

       <?php
       // This file is abc.php

       include 'test1.php';
       include_once 'test2.php';
       require 'test3.php';
       require_once 'test4.php';

       $included_files = get_included_files();

       foreach ($included_files as $filename) {
           echo "$filename\n";
       }
       ?>

       The above example will output:

       abc.php
       test1.php
       test2.php
       test3.php
       test4.php

NOTES
       Note: Files included using the auto_prepend_file configuration directive are not included in the returned array.

SEE ALSO
       include(3), include_once(3), require(3), require_once(3), get_required_files(3).

PHP Documentation Group                                       GET_INCLUDED_FILES(3)
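
The advisory above does not show the affected code in view_func.php, so the following is an added example, not Members Area System code and not part of the original page. It shows the usual mitigation for this class of file-include bug (an allow-list in front of include) together with get_included_files() as a check on what a request actually loaded. The parameter values, the VIEWS map, the file names and the helper functions resolve_view() and unexpected_includes() are all assumptions made for illustration.

```php
<?php
// Added example; hypothetical front controller, not Members Area System code.
// Pattern this replaces (shown for contrast only):  include $_GET['page'];
// Independently of the code, keep allow_url_include = Off in php.ini.

// Allow-list: request value => file shipped with the application (assumed names).
const VIEWS = ['profile' => 'views/profile.php', 'settings' => 'views/settings.php'];

// Map a user-supplied view name to a local file, or null if it is rejected.
function resolve_view(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, VIEWS)) {
        return null; // URLs, traversal sequences and unknown names stop here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . VIEWS[$requested]);
    if ($base === false || $path === false) {
        return null; // allow-listed name, but the file is missing on disk
    }
    // Defence in depth: the resolved path must stay under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Files loaded by this request that are not in the expected set.
function unexpected_includes(array $expected): array
{
    return array_values(array_diff(get_included_files(), $expected));
}

// Constructed demo: temporary application directory holding one view file.
$base = sys_get_temp_dir() . '/rfi_demo_' . getmypid();
mkdir($base . '/views', 0700, true);
file_put_contents($base . '/views/profile.php', '<?php echo "profile view\n";');

$expected = [__FILE__];
// Constructed request values: one legitimate, one remote URL, one traversal.
foreach (['profile', 'http://example.invalid/remote.txt', '../../etc/passwd'] as $page) {
    $file = resolve_view($page, $base);
    if ($file === null) {
        echo "rejected: $page\n";
        continue;
    }
    include $file;
    $expected[] = $file;
}
// Anything listed here was loaded without going through resolve_view().
var_dump(unexpected_includes($expected));
```

As the NOTES section of the man page says, files pulled in through auto_prepend_file do not appear in get_included_files(), so this check does not cover that directive.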