[VIM] Bogus: Segue CMS <= 1.8.4 index.php Remote File Inclusion Vulnerability
George A. Theall
theall at tenablesecurity.com
Mon Oct 1 18:13:20 UTC 2007
On 10/01/07 14:03, str0ke wrote:
> Test it out with globals = off
>
> Seems hes doing some hacking look at index.php for register_globals.
>
> So they need register_globals to be off for this vuln to work properly
> << kind of scary.
You're right again. In includes.inc.php, there's a call to
import_request_variables() if register_globals is *not* set.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list