[VIM] Help Center Live
George A. Theall
theall at tenablesecurity.com
Wed Aug 2 11:58:55 EDT 2006
I don't know if anyone's looked into this yet, but the flaw in Help
Center Live reported by Dr. Google (see BID 19256) is a local file
include flaw, not just a directory traversal. It is also closely related
to an earlier flaw, covered by BID 15404. To fix that issue, the code in
'templates/*/module.tpl' was changed from:

    include_once(dirname(__FILE__).'/../../..'.addslashes($_GET['file']));

to this:

    if (!strpos($_GET['file'], '..')) {
        include_once(dirname(__FILE__).'/../../..'.addslashes($_GET['file']));
    ...

Trouble is, strpos() returns 0 if 'file' starts with ".." so the code
change only partially resolved the earlier issue.
George
--
theall at tenablesecurity.com
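
Added example, not part of the original post or of Help Center Live's code: it runs the patched `!strpos()` test beside a strict `=== false` comparison on constructed inputs, then shows a stricter guard that resolves the path and requires it to stay under a base directory. The function names, sample paths and temporary directory are assumptions made for illustration.

```php
<?php
// Added example; names and sample inputs are constructed for illustration.

// The check as patched. strpos() returns int 0 for a match at offset 0 and
// false for no match; both are falsy, so !strpos() cannot tell them apart.
function patched_check(string $file): bool
{
    return !strpos($file, '..');
}

// Strict comparison separates "not found" (false) from "found at offset 0".
function strict_check(string $file): bool
{
    return strpos($file, '..') === false;
}

// Stricter guard: canonicalize, then require the result to sit under $base.
function contained_path(string $base, string $file): ?string
{
    $root = realpath($base);
    $real = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($root === false || $real === false) {
        return null; // base or target does not exist
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed inputs: a normal value, '..' mid-string, '..' at offset 0.
foreach (['/modules/faq.php', '/modules/../x.php', '../x.php'] as $s) {
    printf("%-20s patched=%-5s strict=%s\n", $s,
        var_export(patched_check($s), true),
        var_export(strict_check($s), true));
}

// Containment check against a throwaway directory tree.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'hcl_demo_' . getmypid();
mkdir($base . '/modules', 0700, true);
touch($base . '/modules/faq.php');
foreach (['/modules/faq.php', '../'] as $s) {
    printf("%-20s contained=%s\n", $s,
        var_export(contained_path($base, $s) !== null, true));
}
unlink($base . '/modules/faq.php');
rmdir($base . '/modules');
rmdir($base);
```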