[VIM] source verify - Axiom RFI
Steven M. Christey
coley at mitre.org
Wed Jan 10 21:17:40 EST 2007
Researchers: Dr.Pantagon / Dr.Trojan (DeltahackingTEAM)
Ref: http://www.milw0rm.com/exploits/3108
Specified download simply checks that $baseAxiomPath is non-empty
before using it:
if (!isset($baseAxiomPath) || strlen($baseAxiomPath) == 0)
{
Header("Location: index.php");
die();
}
include_once($baseAxiomPath . "/themes/sickphp/theme.php");
So, looks legit.
- Steve
More information about the VIM
mailing list