[VIM] true: SimpCMS Light RFI

Steven M. Christey coley at mitre.org
Thu Apr 12 17:55:00 UTC 2007

Previous message: [VIM] Milw0rm 3719 (Mybb <= 1.2.2)
Next message: [VIM] true: SimpCMS Light RFI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Researcher: Dr.RoVeR
Ref: http://www.milw0rm.com/exploits/3705

index.php calls functions.php, which itself contains:

  if (isset($_GET[site]))
  {
    $site=$_GET[site];
  }
  else
  {
    $site= "home";
  }

Later in index.php, we see the 'include $site.".php"' referenced by
the researcher.

So, in this case, it looks like we don't need register_globals.

- Steve

Previous message: [VIM] Milw0rm 3719 (Mybb <= 1.2.2)
Next message: [VIM] true: SimpCMS Light RFI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the VIM mailing list