Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: newsPHP v216 patch

newsPHP v216 patch

From: Dariusz 'Officerrr' Kolasinski <officerrr_at_poligon.com.pl>
Date: Sun, 4 Jan 2004 22:13:49 +0100

This small patch will fix the
'newsPHP arbitary file inclusion & bad login validation'
bug published on 1st sepember 2003.

===+++===+++===+++
Product: newsPHP
Version: <= v216
Vendor: http://www.nphp.net
Bug discover by: Officerrr <officerrr_at_poligon.com.pl>
Vendor Response: no patch released since 1st September
===+++===+++===+++

Patch:
===+++===+++===+++
diff -ruN nphp/nfunc.php nphp.ofi/nfunc.php
--- nphp/nfunc.php 2003-01-08 16:40:00.000000000 +0100
+++ nphp.ofi/nfunc.php 2004-01-04 21:47:08.000000000 +0100
@@ -292,6 +292,7 @@
   function LoadSettings(&$config, &$users)
   {
     global $nphp_files, $nphp_common;
+ unset($users,$config);
     $raw_config = file($nphp_files["config"]);
         
     $id=0;
===+++===+++===+++ 

-- 
Pozdrawiam,
Dariusz 'Officerrr' Kolasinski
<Linux Administrator> <gg: 516354>
"Living on a razors edge, Balancing on a ledge"
Received on Jan 05 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos