[VIM] Bogus: mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability
str0ke
str0ke at milw0rm.com
Mon Oct 1 01:35:17 UTC 2007
Check out where the /* starts and */ ends. Must of been a coding
mistake but the vulnerability is there.
/str0ke
George A. Theall wrote:
> Milw0rm 4470 / Bugtraq 25866 seems bogus to me -- looking at the copy
> of contrib/mx_glance_sdesc.php included in
> http://www.mx-system.com/modules/mx_pafiledb/dload.php?action=download&file_id=336
> shows this:
>
> ---- snip, snip, snip ----
> <?php
> /**
> *
> * @package mxBB Portal Module - mx_glance
> * @version $Id: mx_glance.php,v 2.3.3 2007/01/31 11:58:22 OryNider Exp $
> ...
> if( !defined('IN_PORTAL') || !is_object($mx_block))
> {
> die("Hacking attempt");
> }
> ---- snip, snip, snip ----
>
> So direct calls to the affected script will fail.
>
>
> George
More information about the VIM
mailing list