[VIM] true: Vistered Little 1.6a directory traversal

Steven M. Christey coley at mitre.org
Wed May 30 18:35:35 UTC 2007

Previous message: [VIM] Site specific XSS archive
Next message: [VIM] true: Vistered Little 1.6a directory traversal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Researcher: Mahmood_ali
Ref: http://www.milw0rm.com/exploits/3999

from common.css.php:

  if( isset( $_REQUEST[ 'skin' ] ) )
  {
  	$skin = $_REQUEST[ 'skin' ];
  }
  ...
  @readfile( $skin . '.css' );


Presumably, the exploit URL given in the milw0rm item would need a
trailing %00 byte.

- Steve

Previous message: [VIM] Site specific XSS archive
Next message: [VIM] true: Vistered Little 1.6a directory traversal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the VIM mailing list