[22807] in bugtraq
Re: twlc advisory: all versions of php nuke are vulnerable...
daemon@ATHENA.MIT.EDU (Bernd Schnitzer)
Sun Oct 7 03:11:55 2001
Message-ID: <3BBF9C40.C64DB0C7@gmx.net>
Date: Sun, 07 Oct 2001 02:05:20 +0200
From: Bernd Schnitzer <bernd.schnitzer@gmx.net>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
>Alternative "quickfix"; change
> "if($upload) {" to
> "if (($upload) && ($admintest)) {"
To fix the $file/$file_name bug in admin.php, change the line
"if ((isset($file)) AND ($file != "none")) {"
to
"if ((isset($file)) AND ($file != "none") AND ($admintest)) {"
/B.S.
