[VIM] Jetbox CMS file include - CVE dispute

Stuart Moore smoore at securityglobal.net
Wed Aug 30 01:42:55 EDT 2006


I'm confused.  The PHP tags are awkward, but not nested.  It seems that 
all of the include statements are fully within the phpdigSearch() 
function, but the function is not actually called within that file, and 
so it cannot be exploited.  The function *is* called from search.php 
(and that is the only calling script), but the $relative_script_path 
parameter is defined right before the call.


Steven M. Christey wrote:
> On Tue, 29 Aug 2006, Steven M. Christey wrote:
>>   And in fact, we have this:
>>     else {
>>     ?>
>>     <?php include $relative_script_path.'/libs/htmlheader.php' ?>
> Sorry, I should have been more clear.  Notice the closing "?>" after the
> else.  Why the developer did this when they just open a new "<?php" tag is
> unknown, but the key is the "?>"
> - Steve

Stuart Moore
SecurityGlobal.net LLC
smoore at securityglobal.net
+1 301 495 5930 voice
+1 413 691 4346 fax

More information about the VIM mailing list