[VIM] CVE dispute - old Somery team.php RFI

Steven M. Christey coley at mitre.org
Mon Feb 12 16:50:41 EST 2007


Researcher: SpC-x

Ref: BID:18412, OSVDB:27662

Raw source: http://www.root-security.org/danger/Somery.txt  (now 404)
Alternate: http://packetstorm.linuxsecurity.com/0606-exploits/Somery.txt

Claimed vectors: team.php?checkauth


The original advisory provides enough context:

# include("system/include.php");
# if ($checkauth) {
...
# http://www.victim.com/Somery/team.php?checkauth=Command-Shell

Obviously since $checkauth is in a conditional, RFI existence is
highly suspicious.

Just to be sure, I downloaded 0.4.4 and grepped for "checkauth" in the
whole product, and it's only used in conditionals (when it's not being
set to 1 or 0, that is).

- Steve


More information about the VIM mailing list