[VIM] Cyboards PHP RFI: true for 1.21, fixed in at least 1.25
Steven M. Christey
coley at mitre.org
Wed Apr 11 23:57:09 UTC 2007
Researcher: bd0rk
Ref: http://www.milw0rm.com/exploits/3660
Version 1.21 is the URL provided by the researcher.
Version 1.25 was obtained from
http://www.hotscripts.com/Detailed/10651.html
A diff of include/default_header.php says:
diff -r cyboards-morph/include/default_header.php cyboards/include/default_header.php
13,15c13
< echo "<style>\n";
< include("$script_path/include/default_style.css");
< echo "\n</style>";
---
> echo "<LINK REL=STYLESHEET HREF='$script_url/include/default_style.css' TYPE='text/css'>\n\n";
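Review bot: On the new line 13, $script_url is interpolated into a single-quoted HREF attribute with no output escaping, and nothing in this hunk shows where the variable is assigned. Emit it through htmlspecialchars($script_url, ENT_QUOTES), and confirm it is set from configuration before this file runs rather than from request input. The removed include("$script_path/include/default_style.css") had that same dependency on how $script_path is initialised. The hunk drops only this one include() call, so any other include built from $script_path elsewhere in the tree is not covered by this change and should be checked separately.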
So, the include got removed sometime between 1.21 and 1.25, probably
accidentally.
- Steve