[VIM] Jetbox CMS file include - CVE dispute

Stuart Moore smoore at securityglobal.net
Wed Aug 30 01:42:55 EDT 2006


Steve,

I'm confused.  The PHP tags are awkward, but not nested.  It seems that 
all of the include statements are fully within the phpdigSearch() 
function, but the function is not actually called within that file, and 
so it cannot be exploited.  The function *is* called from search.php 
(and that is the only calling script), but the $relative_script_path 
parameter is defined right before the call.

Stuart


Steven M. Christey wrote:
> On Tue, 29 Aug 2006, Steven M. Christey wrote:
> 
>>   And in fact, we have this:
>>
>>     else {
>>     ?>
>>     <?php include $relative_script_path.'/libs/htmlheader.php' ?>
> 
> Sorry, I should have been more clear.  Notice the closing "?>" after the
> else.  Why the developer did this when they just open a new "<?php" tag is
> unknown, but the key is the "?>"
> 
> - Steve
> 

-- 
Stuart Moore
SecurityTracker.com
SecurityGlobal.net LLC
smoore at securityglobal.net
+1 301 495 5930 voice
+1 413 691 4346 fax
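
Added example, not part of the original message and not code from Jetbox: a small PHP check for the question raised in this thread, namely whether an include statement sits inside a function body or at file top level when the source switches in and out of PHP tags. The sample source, demoSearch(), locate_includes() and $top_level_path are constructed for illustration; token_get_all() and the T_* constants are PHP's own tokenizer API.

```php
<?php
// Constructed sample that mimics the tag pattern quoted in the thread.
$sample = <<<'SRC'
<?php
function demoSearch($relative_script_path, $ok) {
    if ($ok) {
        echo "results";
    }
    else {
    ?>
    <?php include $relative_script_path.'/libs/htmlheader.php' ?>
    <?php
    }
}
include $top_level_path.'/config.php';
SRC;

// Return every include/require with its line number and enclosing scope.
function locate_includes(string $source): array
{
    $includes = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];
    $depth = 0;        // current brace depth
    $pending = false;  // saw "function", waiting for the "{" of its body
    $funcDepths = [];  // brace depths at which function bodies opened
    $found = [];
    foreach (token_get_all($source) as $tok) {
        $id = is_array($tok) ? $tok[0] : $tok;
        if ($id === T_FUNCTION) {
            $pending = true;
        } elseif ($id === '{' || $id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
            $depth++;
            if ($pending && $id === '{') { $funcDepths[] = $depth; $pending = false; }
        } elseif ($id === '}') {
            if (end($funcDepths) === $depth) { array_pop($funcDepths); }
            $depth--;
        } elseif ($id === ';') {
            $pending = false; // declaration without a body
        } elseif (in_array($id, $includes, true)) {
            $scope = $funcDepths ? 'function body' : 'file top level';
            $found[] = ['line' => $tok[2], 'scope' => $scope];
        }
    }
    return $found;
}

foreach (locate_includes($sample) as $hit) {
    echo "line {$hit['line']}: include in {$hit['scope']}\n";
}
```

T_CLOSE_TAG and T_INLINE_HTML tokens do not alter brace depth in this check, so an include that follows "?>" inside a function is still attributed to that function's body.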
