Hendrik Weimer wrote:
> Martin Schulze <[EMAIL PROTECTED]> writes:
>
> > How can the diricons and config parameters be exploited? From a quick
> > glance I can't find an open associated with $DirIcons.
>
> The diricons issue is a XSS vulnerability. It has nothing to do with
> the two other holes (which lead to arbitrary code execution) other
> than they all are a case of missing input sanitizing.

Umh... but since the query_string is already sanitised globally how can
XSS still happen? Was the sanitising not successful?

Regards,

Joey

--
It's time to close the windows.

Please always Cc to me when replying to me on the lists.