( ! ) Warning: session_start(): open(/var/lib/php/session/sess_tlb5rg2di5910hjkvap6eopmj1, O_RDWR) failed: No such file or directory (2) in /var/www/bitweaver/live/users/includes/bit_setup_inc.php on line 82
Call Stack
#TimeMemoryFunctionLocation
10.0001232552{main}( ).../index.php:0
20.0001234608require_once( '/var/www/bitweaver/live/kernel/includes/setup_inc.php' ).../index.php:7
30.02491908984BitSystem->scanPackages( ).../setup_inc.php:141
40.02702177264BitSystem->loadPackage( ).../BitSystem.php:1183
50.02702180296include_once( '/var/www/bitweaver/live/users/includes/bit_setup_inc.php' ).../BitSystem.php:1109
60.02742584544session_start ( ).../bit_setup_inc.php:82

( ! ) Warning: session_write_close(): open(/var/lib/php/session/sess_tlb5rg2di5910hjkvap6eopmj1, O_RDWR) failed: No such file or directory (2) in /var/www/bitweaver/live/kernel/includes/classes/BitSystem.php on line 580
Call Stack
#TimeMemoryFunctionLocation
10.0001232552{main}( ).../index.php:0
20.04103342824require( '/var/www/bitweaver/live/forums/includes/view_topic_inc.php' ).../index.php:11
30.07084875216BitSystem->display( ).../view_topic_inc.php:133
40.07104877416BitSystem->preDisplay( ).../BitSystem.php:505
50.07244892264session_write_close ( ).../BitSystem.php:580

( ! ) Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in /var/www/bitweaver/live/kernel/includes/classes/BitSystem.php on line 580
Call Stack
#TimeMemoryFunctionLocation
10.0001232552{main}( ).../index.php:0
20.04103342824require( '/var/www/bitweaver/live/forums/includes/view_topic_inc.php' ).../index.php:11
30.07084875216BitSystem->display( ).../view_topic_inc.php:133
40.07104877416BitSystem->preDisplay( ).../BitSystem.php:505
50.07244892264session_write_close ( ).../BitSystem.php:580
Show Thread: PHP injection vulnerability? - bitweaver
     

PHP injection vulnerability?

Steve

PHP injection vulnerability?

Posted:27 Dec 2007 (19:04 UTC)
Is there any workaround for the recently discovered PHP injection
vulnerability reported here?
Anonymous

Re: PHP injection vulnerability?

Posted:28 Dec 2007 (08:16 UTC)
I read, "if comments are allowed, attackers can use this url /wiki/index.php?page_id=1#editcomments to POST evil scripts and PHP code into the page" - really? I thought HTMLPurifier takes care of this, which has been around since long before version 2?

The other thing, " White Screen of Death: (SQL Injection) - Critical information is listed o nthis page when you inject evil code" ... you can prevent that by setting IS_LIVE to true in kernel/config_inc.php for live servers.
  Page 1 of 1  1 
Post
If you are already registered, please enter your login credentials.
Anonymous Post