Revenue Source

Welcome to the Revenue Source affiliate marketing forums.

You are viewing our internet marketing and SEO forums as a guest which gives you limited access to most of our discussions.  By joining our free community, you will have access to post affiliate marketing topics, communicate privately with other members (PM), exchange SEO strategies, and access many other special features.  Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems, please don't hesitate to contact us.

Go Back   Revenue Source > Site Design & Development > Programming Help
Reload this Page Secunia.com: phpChess Community Edition Multiple File Inclusion
Tags: , , , , , ,

Reply
 
LinkBack Thread Tools Search this Thread
Old
  (#1 (permalink))
Affiliate Blogs is Offline
Revenue Source Veteran
Affiliate Blogs has a brilliant future here!
 
Affiliate Blogs's Avatar
 
Join Date: Oct 2005
Posts: 9,225
Jack of All Trades
CyberSpace United States
   
Secunia.com: phpChess Community Edition Multiple File Inclusion - 05-07-2007
Users of the phpChess application for their website should take note of this new advisory posted on the Secunia website. It's related to a vulnerability that allows for multiple file inclusion, allowing for malicious code to be included. This issue is for Community Edition versions 2.x.
GolD_M has discovered some vulnerabilities in phpChess Community Edition, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
The issue surrounds the "root_path" parameter not being properly verified before the include happens. If register_globals is on, this could be overridden and malicious code could be injected. The recommended fix for the issue is to go in and correct the source code, making it validate the location of the file (and that it exists) before it is included.


Secunia.com: phpChess Community Edition Multiple File Inclusion - Read More...
  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Nick Halstead's Blog: How to make AuctionAd$ dynamic with PHP | PHP Author Notes »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads for: Secunia.com: phpChess Community Edition Multiple File Inclusion
Thread Thread Starter Forum Replies Last Post
Secunia.com: WordPress myGallery Plugin "myPath" File Inclusion Affiliate Blogs Programming Help 0 04-30-2007 08:19 PM
Paid Inclusion Anyone? Option Without Crazy Click Charge Affiliate Blogs Affiliate Marketing 0 04-06-2007 03:49 AM
Community News: DreamStats "rootpath" File Inclusion Vulnerability Identified Affiliate Blogs Programming Help 0 02-06-2007 05:23 PM
Yahoo Inclusion jack9930@msn.com Search Engine Optimization / Marketing 0 12-17-2004 11:45 PM
Why Pay-Per-Inclusion Search Engines Are Dying ValiantMarketer Search Engine Optimization / Marketing 1 11-12-2004 11:41 PM



© 2004-6 RevenueSource.com.  All rights reserved.  Do not duplicate or redistribute in any form.
This website and its logos/design are property of RevenueSource.com.  All rights reserved. vBSEO 3.2.0 RC7

Contact Us - Affiliate Marketing & SEO Forums - Archive - Top

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34