[VIM] Slight oddities in randshop file inclusion issue(s)

Steven M. Christey coley at mitre.org
Wed Jul 12 14:54:17 EDT 2006


Refs:

  http://www.milw0rm.com/exploits/1971

  http://www.securityfocus.com/archive/1/archive/1/439750/100/0/threaded

These posts give two different executables as entry points with a
parameter "dateiPfad".

A *brief* source inspection of 1.2 and 1.1.1 shows heavy use of a
constant variable "DATEIPFAD".  The only presence of the mixed-case
"dateiPfad" appears to be a hard-coded set of the $dateiPfad variable,
which is commented out, in config.inc.php for version 1.1.1.

However, this code might all have been fixed by the time I downloaded
it.

So if someone feels like investigating further, feel free.  I'm out of
time for this one :)

- Steve
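
A source check along the lines described in the post, as an added example that is not part of the original message and is not randshop code: it separates the case-sensitive variable `$dateiPfad` from the constant `DATEIPFAD` and labels where the variable reaches an include/require or is only commented out. The sample files (including the hypothetical `legacy.php`) and the names `classify` and `audit` are constructed for illustration.

```python
import re

# Constructed sample tree (NOT randshop's real source) mirroring the post:
# a commented-out $dateiPfad assignment next to a DATEIPFAD constant, plus a
# hypothetical legacy.php showing the pattern the audit is meant to flag.
SAMPLE = {
    "config.inc.php": "<?php\n"
                      "// $dateiPfad = '/var/www/shop/';\n"
                      "define('DATEIPFAD', '/var/www/shop/');\n",
    "index.php": "<?php\n"
                 "include(DATEIPFAD . 'includes/header.inc.php');\n",
    "legacy.php": "<?php\n"
                  "require_once($dateiPfad . 'includes/header.inc.php');\n",
}

# PHP variable names are case-sensitive, so match the exact spelling only.
VAR = re.compile(r"\$dateiPfad\b")
# The bare constant: not preceded by '$' or another identifier character.
CONST = re.compile(r"(?<![$\w])DATEIPFAD\b")
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b", re.IGNORECASE)
# Assumption: only whole-line // and # comments are recognised.
COMMENT = re.compile(r"^\s*(?://|#)")


def classify(line):
    """Return a label for one source line, or None if it is irrelevant."""
    commented = bool(COMMENT.match(line))
    if VAR.search(line):
        if commented:
            return "variable, commented out"
        return "variable in include" if INCLUDE.search(line) else "variable"
    if CONST.search(line) and not commented:
        return "constant"
    return None


def audit(files):
    """Return (filename, line number, label) for every relevant line."""
    findings = []
    for name in sorted(files):
        for number, line in enumerate(files[name].splitlines(), 1):
            label = classify(line)
            if label:
                findings.append((name, number, label))
    return findings


if __name__ == "__main__":
    for name, number, label in audit(SAMPLE):
        print(f"{name}:{number}: {label}")
```

To run it against an unpacked release, build the `files` dictionary from the `.php` files on disk instead of `SAMPLE`.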

