[VIM] true: [Full-disclosure] Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb)

Noam Rathaus noamr at beyondsecurity.com
Tue Feb 13 04:53:01 EST 2007


Hi,

The vulnerability is there... pValid simply verifies that the page you 
requested is the page being displayed, so I need to call my malware the same 
as status.php or any of the other files found to be linked inside the PHP.

<snip>
 $p = $_REQUEST['p'];
 if( !$p ) $p="$cfg->defaultPage";
</snip>

<snip>
    <?php
    if( $pValid ) {
        include "$p";
    } else {
        print "<div class=warning>$p is not a valid page...</div>";
    }
    ?>
</snip>

-- 
  Noam Rathaus
  CTO
  1616 Anderson Rd.
  McLean, VA 22102
  Tel: 703.286.7725 extension 105
  Fax: 888.667.7740
  noamr at beyondsecurity.com
  http://www.beyondsecurity.com
-------------- next part --------------
An embedded message was scrubbed...
From: Sebastian Wolfgarten <sebastian at wolfgarten.com>
Subject: [Full-disclosure] Arbitrary file disclosure vulnerability in php
	rrd browser < 0.2.1 (prb)
Date: Sun, 11 Feb 2007 17:19:09 +0100
Size: 5968
Url: http://www.attrition.org/pipermail/vim/attachments/20070213/dca05f8c/attachment.mht 


More information about the VIM mailing list