[VIM] SPAW Editor (bid 19603)
Stuart Moore
smoore at securityglobal.net
Sun Aug 20 00:45:53 EDT 2006
Hi,
Botan's posting says that 'spaw_dir' is vulnerable to remote file
inclusion, but ... the supposedly affected scripts include this prior to
referencing the parameter:
include '../config/spaw_control.config.php';
And, for older versions such as 1.0.7 and 1.1, the
spaw_control.default.config.php (which the readme says to rename to
spaw_control.config.php) says:
$spaw_dir = '/spaw/';
For version 1.2beta 2, the config says:
$spaw_root = realpath(dirname(__FILE__)."/..");
if (!ereg('/$', $spaw_root))
  $spaw_root = $spaw_root."/";
// directory where spaw files are located
$spaw_dir = str_replace($_spawsrvvars['DOCUMENT_ROOT'],'',$spaw_root);
if (!ereg('^/', $spaw_dir))
  $spaw_dir = "/".$spaw_dir;
So, it appears that the spaw_dir should not be vulnerable to file
inclusion unless a site is improperly configured. Right? Maybe the
config file renaming is confusing to some admins.
Stuart
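An added illustration of the misconfiguration the post points at (my own check, not SPAW code or part of the original message): the editor scripts include config/spaw_control.config.php before touching $spaw_dir, so a deployment that never renamed the .default file includes nothing (PHP's include only warns on a missing file) and $spaw_dir stays whatever register_globals handed it. The install layout and file names below are taken from the post; the constructed sample installs are mine.

```python
import os
import re
import tempfile

# Matches an assignment to $spaw_dir at the start of a line in the config.
SPAW_DIR_ASSIGN = re.compile(r'^\s*\$spaw_dir\s*=', re.MULTILINE)

OK = "ok"
NOT_RENAMED = "default config never renamed: nothing defines $spaw_dir"
NO_CONFIG = "no config file found"
NO_ASSIGN = "config present but does not assign $spaw_dir"

# Config bodies as quoted in the post (1.0.7/1.1 style and 1.2beta2 style).
CONFIG_107 = "<?php\n$spaw_dir = '/spaw/';\n?>\n"
CONFIG_12B2 = ("<?php\n$spaw_root = realpath(dirname(__FILE__).\"/..\");\n"
               "$spaw_dir = str_replace($_spawsrvvars['DOCUMENT_ROOT'],'',$spaw_root);\n?>\n")


def check_spaw_config(install_root):
    """Return OK if the renamed config exists and assigns $spaw_dir."""
    config_dir = os.path.join(install_root, "config")
    live = os.path.join(config_dir, "spaw_control.config.php")
    default = os.path.join(config_dir, "spaw_control.default.config.php")
    if not os.path.isfile(live):
        # Only the shipped default is present: the include resolves to nothing.
        return NOT_RENAMED if os.path.isfile(default) else NO_CONFIG
    with open(live, encoding="utf-8", errors="replace") as fh:
        return OK if SPAW_DIR_ASSIGN.search(fh.read()) else NO_ASSIGN


def build_sample_install(renamed, body):
    """Constructed SPAW-like tree in a temp dir (hypothetical, for the demo)."""
    root = tempfile.mkdtemp(prefix="spaw_")
    cfg = os.path.join(root, "config")
    os.makedirs(cfg)
    name = "spaw_control.config.php" if renamed else "spaw_control.default.config.php"
    with open(os.path.join(cfg, name), "w", encoding="utf-8") as fh:
        fh.write(body)
    return root


def demo():
    """Run the check over three constructed deployments."""
    return {
        "1.0.7 renamed": check_spaw_config(build_sample_install(True, CONFIG_107)),
        "1.2beta2 renamed": check_spaw_config(build_sample_install(True, CONFIG_12B2)),
        "never renamed": check_spaw_config(build_sample_install(False, CONFIG_107)),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```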