International PHP Conference - Call for Papers

2011-06-02 Thread Carsten Eilers
SEE ENGLISH VERSION BELOW On the home stretch to IPC Spring, we would already like to invite you to submit your topics, ideas and proposals for the International PHP Conference in October. The International PHP Conference takes place from 9 to 12 October 2011 at the Rheingoldhalle in Mainz

WebTech Conference 2011 Call for Papers

2011-05-16 Thread Carsten Eilers
Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz Web: http://www.ceilers-it.de Blog: http://www.ceilers-news.de/

Re: e107 latest download link is backdoored

2010-01-26 Thread Carsten Eilers
at the top,followed by many links in the format a href='/wiki/docs/html/.store/[Spamtext]-[Number].php'medical spam/a, before the DOCTYPE-Declaration. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Multiple Vulnerabilities in iAntiVirus

2009-03-10 Thread Carsten Eilers
-folders and the folders of every user. Solution None Credits Carsten Eilers Original advisory http://www.ceilers-it.de/advisories/iantivirus.html (also as german version) Regards Carsten Eilers

Re: Gästebuch Version 1.5 Remote Command Execution Vulnerability

2007-08-10 Thread Carsten Eilers
[EMAIL PROTECTED] wrote on Fri, 10 Aug 2007 09:57:48 +: echo meta http-equiv='refresh' content='0;URL=install.php'; redirecting brotha ;) Not RFI Nice try, but you should read the lines above the redirection, too: | ?php | session_start(); | include($config[root_ordner].'config.php'); |

Re: HitWeb v3.0 - Remote File Include Vulnerabilities

2006-09-21 Thread Carsten Eilers
-- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: AzzCoder = PNphpBB (Latest) Remote File Include

2006-09-21 Thread Carsten Eilers
of function-declarations. So in this script is no vulnerability. Where did you find the vulnerable script/program? Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: AzzCoder = PNphpBB (Latest) Remote File Include

2006-09-21 Thread Carsten Eilers
...); | } But there is no include() anymore. Older versions not tested. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: AzzCoder = PNphpBB (Latest) Remote File Include

2006-09-21 Thread Carsten Eilers
://www.pnphpbb.com/ to Sourceforge, so I would never have looked there. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: mcLinksCounter v1.1 - Remote File Include Vulnerabilities

2006-09-18 Thread Carsten Eilers
. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities

2006-09-14 Thread Carsten Eilers
? I used PHP 4.3.10, Apache 1.3.33, Mac OS X 10.3.9. try it then judge... BTDT. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities

2006-09-13 Thread Carsten Eilers
of the currently executing script. If one of them can be manipulated from remote, then that may be a vulnerability in PHP or the webserver, but not in the PHP-scripts. So there is no vulnerability. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers

Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit

2006-09-11 Thread Carsten Eilers
Hi Frank, Frank Reißner wrote on Fri, 8 Sep 2006 03:14:15 +0200: You can bypass unset in php 4.4.4 and 5.14. :) Yes. But that's a vulnerability in PHP, not in whatever script makes use of it. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http

Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit

2006-09-07 Thread Carsten Eilers
- No Patch available. No patch necessary. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: ModuleBased CMS alfa 1 Multiple Remote File Inclusion

2006-09-02 Thread Carsten Eilers
. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: Submit ( ToendaCMS= ( Remote File Include Vulnerabilities )

2006-09-01 Thread Carsten Eilers
(that one in setup/inc/database.php) this directory traversal is nearly useless. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: CuteNews 1.3.* Remote File Include Vulnerability

2006-08-30 Thread Carsten Eilers
--- Discovered by: rUnViRuS (worlddefacers.de) Credit for what? A non-existing vulnerability? OK: Applaus, applaus, applaus... ;-) Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: JetBox cms (search_function.php) Remote File Include

2006-08-30 Thread Carsten Eilers
. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: Modification For OpenSEF Remote file Inclusion

2006-08-24 Thread Carsten Eilers
/** Ensure this file is being included by a parent file */ defined( '_VALID_MOS' ) or die( 'Direct access to this location is not allowed.' ); at the top of the file, so it's impossible to call it directly and manipulate any variable. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und

Re: Joomla RF#304; ( ERNE )

2006-08-24 Thread Carsten Eilers
script should this vulnerability be? Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability

2006-08-24 Thread Carsten Eilers
of this script you find | if (!defined('_IN_PHM_')) die(); So if you call it direct, which has to be done to manipulate _PM_[path][lib], it will die without any code-execution after this line. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2)

2006-08-24 Thread Carsten Eilers
?path_pre=http://cmd.gif? All of this script initialize $path_pre and I see no way to manipulate them between initialization and usage. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: Mambo Component - EstateAgent Remote File Inclusion

2006-08-24 Thread Carsten Eilers
and let this script die after direct access. Oh, #3 is always implemented... ;-) Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: ToendaCMS = 1.0.3 -(tcms_administer_site) Remote File Include

2006-08-24 Thread Carsten Eilers
of this script the variable is initialized: | include_once('site.php'); | $tcms_administer_site = $tcms_site[0]['path']; After that I found no way to manipulate $tcms_administer_site, so I see no vulnerability. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http

Re: contentpublisher Mambo Component Remote File Include Vulnerabilities

2006-08-24 Thread Carsten Eilers
is not allowed.' ); So there is no vulnerability. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: Joomla x-shop = 1.7 Remote File Include Vulnerability

2006-08-22 Thread Carsten Eilers
Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: Joomla Rssxt = 1.0 Remote File Include Vulnerability

2006-08-22 Thread Carsten Eilers
( $mosConfig_absolute_path./administrator/components/ com_rssxt/class.rssxt.php); rssxt.php checks for direct calls, if you call it direct you got a 'die', but no code-execution or file inclusion. No file inclusion at all. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http

Re: mtg_myhomepage Component For Mambo R.F.I

2006-08-22 Thread Carsten Eilers
a way to call the function. #mtg_homepage.php?mosConfig_absolute_path=SHELL There is no such file. If you mean lmtg_myhomepage.php: This tests for direct calls and dies. No way to includeexcecute. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http

Re: mambo-phphop Product Scroller Module R.F.I

2006-08-22 Thread Carsten Eilers
a look on it. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: discloser 0.0.4 Remote File Inclusion (with Exploit)

2006-08-22 Thread Carsten Eilers
Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: anjel Mambo Component Remote File Include

2006-08-22 Thread Carsten Eilers
in configuration.php, there is no way to manipulate it between the two line, so there is no vulnerability. Please take a look at http://www.securityfocus.com/archive/1/443225/30/0/threaded Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: phpPrintAnalyzer = 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability

2006-08-15 Thread Carsten Eilers
sunday here :-)). As I reported yesterday: All except one are wrong. Looking on the mails from last week, I found this one. Wrong, too, as expected. Shit happens. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: Calendarix = 0.7 (calpath) Remote File Inclusion Vulnerability

2006-08-15 Thread Carsten Eilers
Hey Steve, Steven M. Christey wrote on Mon, 14 Aug 2006 17:54:59 -0400: Carsten Eilers said: Take a look at the top of cal_config.inc.php: # adjust the '$calpath'. # hardcode it if detection does not work and comment out the remaining # code. # # $calpath = C:\\PHP\\calendarix\\demo

Re: myEvent = 1.4 Multiple Remote File Include Vulnerabilities

2006-08-14 Thread Carsten Eilers
/[myEvent]/viewevent.php?myevent_path=[Evil Script] Did you test all of them? That way? I don't think so. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: Calendarix = 0.7 (calpath) Remote File Inclusion Vulnerability

2006-08-14 Thread Carsten Eilers
out the remaining code. # # $calpath = C:\\PHP\\calendarix\\demo\\ ; $calpath = dirname(__FILE__) ; Ups... Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: miniBloggie = 1.0 (fname) Remote File Inclusion Vulnerability

2006-08-14 Thread Carsten Eilers
.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de

Re: Startpage = 1.0 (cfgLanguage) Remote File Inclusion Vulnerability

2006-08-14 Thread Carsten Eilers
, PageBottom.php and PageTop.php at the top of the file, in functions.php at the top of relevant functions. No way to include something with cfgLanguage. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz http://www.ceilers-it.de