Month: November 2004
-
Disclosure: SecretSanta SecretSanta.php Malformed Input Remote Path Disclosure Weakness
[This was originally published on OSVDB, now gone, and touched up for style. VulnDB 12143. Discovered while trying to install the script to verify a researcher’s findings.] SecretSanta.phpUsing a ‘ in the account name, full name or group name generates the following error with full install path: Warning: mysql_fetch_row(): supplied argument is not a valid…