[VIM] [true] CWB pro 1.5 INCLUDE_PATH RFI

Steven M. Christey coley at mitre.org
Mon Apr 2 21:17:31 UTC 2007


Ref: http://www.milw0rm.com/exploits/3628

first executable lines of the 373_cwbs1.5_demo.zip download:

cls_headline_prod.php

  include_once($INCLUDE_PATH."cls_products.php");

cls_listorders.php

  include_once($INCLUDE_PATH."cls_products.php");
  [and about 5 other includes]

cls_viewpastorders.php

  include_once($INCLUDE_PATH."cls_products.php");
  include_once($INCLUDE_PATH."cls_discounts.php");


- Steve


More information about the VIM mailing list