[VIM] Free Articles Directory - file inclusion, code execution?
security curmudgeon
jericho at attrition.org
Wed Mar 22 05:45:03 EST 2006
http://archives.neohapsis.com/archives/bugtraq/2006-03/0396.html
Original disclosure isn't very clear, but the sample looks like it is
passing arbitrary commands to be executed:
http://[target]/index.php?page=evilcode?&cmd=uname -a
http://www.secunia.com/advisories/19320/
Secunia is calling this local/remote file inclusion. Clarification or
different issue?