[VIM] CVE dispute - old Somery team.php RFI
Steven M. Christey
coley at mitre.org
Mon Feb 12 16:50:41 EST 2007
Researcher: SpC-x
Ref: BID:18412, OSVDB:27662
Raw source: http://www.root-security.org/danger/Somery.txt (now 404)
Alternate: http://packetstorm.linuxsecurity.com/0606-exploits/Somery.txt
Claimed vectors: team.php?checkauth
The original advisory provides enough context:
# include("system/include.php");
# if ($checkauth) {
...
# http://www.victim.com/Somery/team.php?checkauth=Command-Shell
Obviously since $checkauth is in a conditional, RFI existence is
highly suspicious.
Just to be sure, I downloaded 0.4.4 and grepped for "checkauth" in the
whole product, and it's only used in conditionals (when it's not being
set to 1 or 0, that is).
- Steve
More information about the VIM
mailing list