[VIM] SPAW Editor (bid 19603)

Stuart Moore smoore at securityglobal.net
Sun Aug 20 00:45:53 EDT 2006


Botan's posting says that 'spaw_dir' is vulnerable to remote file 
inclusion, but ... the supposedly affected scripts include this prior to 
referencing the parameter:

include '../config/spaw_control.config.php';

And, for older version such as 1.0.7 and 1.1, the 
spaw_control.default.config.php (which the readme says to rename to 
spaw_control.config.php) says:

$spaw_dir = '/spaw/';

For version 1.2beta 2, the config says:

$spaw_root = realpath(dirname(__FILE__)."/..");
if (!ereg('/$', $spaw_root))
   $spaw_root = $spaw_root."/";

// directory where spaw files are located
$spaw_dir = str_replace($_spawsrvvars['DOCUMENT_ROOT'],'',$spaw_root);
if (!ereg('^/', $spaw_dir))
   $spaw_dir = "/".$spaw_dir;

So, it appears that the spaw_dir should not be vulnerable to file 
inclusion unless a site is improperly configured.  Right?  Maybe the 
config file renaming is confusing to some admins.


More information about the VIM mailing list