Changeset 743

Timestamp:

05/04/2012 02:36:51 PM (13 months ago)

Author:

sullo

Message:

Check for straight <?php without highlighting, and use ? to let server decide what index file is in use.

File:

• trunk/databases/db_tests (modified) (1 diff)

trunk/databases/db_tests

@@ -6508 +6508 @@
 "006521","0","7","/../../windows/dvr2.ini","GET","\[generic\]","","","","","Tibetsystem DVR allows arbitrary file retrieval. See http://packetstormsecurity.org/files/109547/tibetsystem-traversal.txt","",""
 "006522","18255","7","/htdocs/../../../../../../../../../../../etc/passwd","GET","root:","","","","","SAP Internet Graphics Server (IGS) directory traversal","",""
-"006523","","38","/index.php?-s","GET","\"\>\&lt\;\?php","","","","","PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827","",""
-"006523","","38","/login.php?-s","GET","\"\>\&lt\;\?php","","","","","PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827","",""
+"006523","","38","/?-s","GET","\"\>\&lt\;\?php","<\?php","","","","PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827","",""
+"006523","","38","/login.php?-s","GET","\"\>\&lt\;\?php","<\?php","","","","PHP allows retrieval of the source code via the -s parameter, and may allow command execution. See http://www.kb.cert.org/vuls/id/520827","",""