[VIM] Source VERIFY: nsGalPHP RFI
Steven M. Christey
coley at mitre.org
Tue Jan 30 10:53:31 EST 2007
Researcher: S.W.A.T.
Ref: http://milw0rm.com/exploits/3205
The code extract is as it appears. includes/config.inc.php has:
include_once($racineTBS.'includes/tbs_class.php');
with no prior includes or definitions of $racineTBS.
Of note is that the researcher was not fooled by the main files, such
as connexion.php and index.php, which have:
$racineTBS = '';
require_once($racineTBS.'includes/config.inc.php');
and thus don't have RFI.
This is a good demonstration of a realization that I recently had -
PHP application developers don't expect that their library files will
be directly called, and this is probably the main source of RFIs.
- Steve
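As an added illustration of the pattern Steve describes (not code from the VIM post or from nsGalPHP), the following heuristic flags include/require statements whose path prefix variable is never assigned earlier in the same file, which is exactly the shape of config.inc.php versus index.php here. It is a textual heuristic, not a PHP parser, and the three sample files are constructed.

```python
"""Heuristic scanner for the include-with-undefined-prefix pattern from
the post above. Example code added here, not from the VIM post or from
nsGalPHP; it models the textual shape of the pattern only and is not a
PHP parser. All sample sources below are constructed."""
import re

# include / include_once / require / require_once ( $var .
INCLUDE_RE = re.compile(
    r"\b(include|include_once|require|require_once)\s*\(?\s*(\$\w+)\s*\.")
# Plain assignment: $var = ...  (does not match == or .=)
ASSIGN_RE = re.compile(r"(\$\w+)\s*=[^=]")


def find_unguarded_includes(php_source):
    """Return [(line_number, variable)] for each include whose path
    prefix variable has no assignment earlier in the same file."""
    assigned = set()
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        # Assignments on this line count before any include on it.
        for m in ASSIGN_RE.finditer(line):
            assigned.add(m.group(1))
        m = INCLUDE_RE.search(line)
        if m and m.group(2) not in assigned:
            findings.append((lineno, m.group(2)))
    return findings


# Constructed sample shaped like includes/config.inc.php in the report:
# the prefix variable is never set in this file, so a direct request to
# the file (with register_globals or similar) decides the include path.
LIBRARY_FILE = """<?php
include_once($racineTBS.'includes/tbs_class.php');
"""

# Constructed sample shaped like index.php: the prefix is set first.
MAIN_FILE = """<?php
$racineTBS = '';
require_once($racineTBS.'includes/config.inc.php');
"""

# Constructed hardened library: it derives its own base path from
# __FILE__ instead of trusting a variable the caller may not have set.
HARDENED_LIBRARY = """<?php
$racineTBS = dirname(__FILE__) . '/../';
include_once($racineTBS.'includes/tbs_class.php');
"""

if __name__ == "__main__":
    for name, src in [("library", LIBRARY_FILE), ("main", MAIN_FILE),
                      ("hardened", HARDENED_LIBRARY)]:
        print(name, find_unguarded_includes(src))
```

Only the library-shaped file is reported; the main file and the hardened library both assign the prefix before using it.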