[VIM] Source VERIFY of Enigma Coppermine Bridge RFI
Steven M. Christey
coley at mitre.org
Thu Jan 4 15:38:08 EST 2007
Researcher: xoron
Ref: http://www.milw0rm.com/exploits/3050
Interesting how almost the exact same line in 2 separate disclosures
can have one dispute and one verification.
Using the download identified in the original disclosure, possibly
version 1.0 (inferred from Enigma Files/modules/Mod_Coppermine.php),
we have:
global $BRIDGE, $boarddir, $portalSources, $portal_version, $context, $settings, $user_info;
...
require_once($boarddir . '/PortalSources/Portal.ini.php');
with no includes/etc. beforehand.
- Steve
More information about the VIM
mailing list