[VIM] true: SimpCMS Light RFI
str0ke
str0ke at milw0rm.com
Thu Apr 12 18:34:41 UTC 2007
Seems that the Medium / Heavy versions are also affected.
/str0ke
On 4/12/07, Steven M. Christey <coley at mitre.org> wrote:
>
> Researcher: Dr.RoVeR
> Ref: http://www.milw0rm.com/exploits/3705
>
> index.php calls functions.php, which itself contains:
>
> if (isset($_GET[site]))
> {
> $site=$_GET[site];
> }
> else
> {
> $site= "home";
> }
>
> Later in index.php, we see the 'include $site.".php"' referenced by
> the researcher.
>
> So, in this case, it looks like we don't need register_globals.
>
> - Steve
>
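
An added example, not part of the original thread and not SimpCMS code: one way to constrain the `site` parameter quoted above before it reaches `include`, using an allowlist. The page names, the `pages/` directory and the `resolve_site()` helper are hypothetical.

```php
<?php
// Added example; not SimpCMS code. Page names, the pages/ directory and
// resolve_site() are assumptions for illustration.

// Fixed set of pages the front controller may load.
const ALLOWED_PAGES = ['home', 'news', 'contact'];

/**
 * Map the user-supplied "site" value to a local file path.
 * Anything not in the allowlist falls back to "home", so the value
 * never reaches include as a URL or as a path with traversal sequences.
 */
function resolve_site(array $query, string $baseDir): string
{
    $site = $query['site'] ?? 'home';

    // Arrays (?site[]=x) and unlisted names fail the strict comparison.
    if (!is_string($site) || !in_array($site, ALLOWED_PAGES, true)) {
        $site = 'home';
    }

    return $baseDir . '/' . $site . '.php';
}

// Constructed sample inputs: one legitimate value, the rest shaped like
// values an allowlist has to reject.
$samples = [
    ['site' => 'news'],
    ['site' => 'http://example.invalid/x'],
    ['site' => '../../etc/passwd'],
    ['site' => ['news']],
    [],
];

foreach ($samples as $query) {
    echo json_encode($query), ' => ',
        resolve_site($query, __DIR__ . '/pages'), PHP_EOL;
}

// In the front controller the call would be:
//   include resolve_site($_GET, __DIR__ . '/pages');
```

Setting `allow_url_include = Off` in php.ini (the default since PHP 5.2) additionally stops `include` from fetching URLs, but it does not restrict local paths, so the allowlist is still needed.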