[VIM] CONFIRM: OTSCMS file inclusions - PHP5 __autoload
Heinbockel, Bill
heinbockel at mitre.org
Wed Oct 25 10:47:47 EDT 2006
http://www.milw0rm.com/exploits/2622
OTSCMS is written for PHP 5. The vulnerable code for each
of the 3 exploits resembles the following (from 1.4.0):
// function for automatic loading class
function __autoload($class)
{
require_once($GLOBALS['config']['otscms']['directories']['classes']
. $class . '.php');
}
In PHP5, the __autoload function is used to signal the PHP interpreter
how to load an unrecognized PHP object. So, if there is any class used
later that is not in an already included file, the __autoload function
will be automatically called. So on line 38, there is:
// initializes SQL database connection
$sql = new SQL($config['sql']['host'], $config['sql']['user'],
$config['sql']['password'], $config['sql']['database'],
$config['sql']['prefix']);
Therefore, __autoload will be called when the interpreter reaches this
line.
William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
More information about the VIM
mailing list