[VIM] Igloo DoublSpeak vuln
Sullo
sullo at cirt.net
Sun Jul 23 11:31:05 EDT 2006
CVE-2006-3069
BID:18401
SECTRACK:1016278
Since this guy posted
(http://archives.neohapsis.com/archives/bugtraq/2006-06/0184.html) I
checked out the source and confirmed he's right. The "advisory" author
didn't bother to read more source or, I bet, even try it...
>From index.php:
require 'config.inc';
require $config[private].'/storyfun.inc';
require $config[private].'/local.inc';
Looks vuln, maybe? Except in the config.inc it says:
'private' => '/www/mrpenguin.org/devel/private',
So... I don't see a path for exploit.
Now, if config.inc is in your web root... that's a different problem as
it has your mysql db connection info it. Also, I think the scripts
relies on register globals as I see a lot of values being used in SQL
that aren't defined and don't have any input validation on them... you
know what that means--but I don't have time right now to dig into this
further.
-Sullo
--
http://www.cirt.net/ | http://www.osvdb.org/
More information about the VIM
mailing list