[VIM] awrate 1.0 search.php RFI - source verify, small wrinkle
Steven M. Christey
coley at mitre.org
Wed Dec 6 21:24:30 EST 2006
Researcher: DeltahackingTEAM Code :Dr.Trojan&Dr.Pantagon
Ref: http://www.milw0rm.com/exploits/2884
#Vulnerable Code: include_once("$toroot../commonphp/table.php.inc");;

This is actually incorrect or, more precisely, the exploit happens
BEFORE this code is reached, so this vector is moot.

search.php starts with:

  include_once("login.php.inc");
  include_once("$toroot../commonphp/table.php.inc");

login.php.inc starts with:

  include_once($toroot."connection.php.inc");
  include_once($toroot."password.php.inc");
  include_once($toroot."database.php.inc");

So, the "toroot" parameter manipulation is activated within
login.php.inc, before the $toroot in search.php is even accessed.

- Steve
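
The source check described in the message above can be automated. The following is an added example, not part of the original post or of awrate's code: a small Python tracer that follows include statements in execution order and reports the first one whose path expression uses a given variable. The file contents are constructed from the lines quoted in the post, and the function name and name-only path resolution are assumptions of this sketch.

```python
import re

# Constructed from the lines quoted in the post; the real files contain more code.
FILES = {
    "search.php": [
        'include_once("login.php.inc");',
        'include_once("$toroot../commonphp/table.php.inc");',
    ],
    "login.php.inc": [
        'include_once($toroot."connection.php.inc");',
        'include_once($toroot."password.php.inc");',
        'include_once($toroot."database.php.inc");',
    ],
}

INCLUDE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(\s*(.+?)\s*\)\s*;')
STATIC = re.compile(r'^"([^"$]*)"$|^\'([^\']*)\'$')  # literal path, no interpolation


def first_dynamic_include(entry, files, var, seen=None):
    """Return (file, line_no, expr) for the first include reached in execution
    order whose path expression references $var, or None if there is none."""
    seen = set() if seen is None else seen
    # Assumption: every include is treated as *_once, and paths resolve by name only.
    if entry in seen or entry not in files:
        return None
    seen.add(entry)
    for line_no, line in enumerate(files[entry], start=1):
        m = INCLUDE.search(line)
        if not m:
            continue
        expr = m.group(1)
        if re.search(r'\$' + re.escape(var) + r'\b', expr):
            return (entry, line_no, expr)
        lit = STATIC.match(expr)
        if lit:
            # A static include runs to completion before the next statement,
            # so descend into it before looking further down this file.
            hit = first_dynamic_include(lit.group(1) or lit.group(2), files, var, seen)
            if hit:
                return hit
    return None


if __name__ == "__main__":
    print(first_dynamic_include("search.php", FILES, "toroot"))
```

When an included file is not available to the tracer, it is skipped, so the result falls back to the statement in search.php; a report against an entry script is only as accurate as the set of files that were actually read.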