[VIM] Jetbox CMS file include - CVE dispute
Stuart Moore
smoore at securityglobal.net
Wed Aug 30 01:42:55 EDT 2006
Steve,
I'm confused. The PHP tags are awkward, but not nested. It seems that
all of the include statements are fully within the phpdigSearch()
function, but the function is not actually called within that file, and
so it cannot be exploited. The function *is* called from search.php
(and that is the only calling script), but the $relative_script_path
parameter is defined right before the call.
Stuart
Steven M. Christey wrote:
> On Tue, 29 Aug 2006, Steven M. Christey wrote:
>
>> And in fact, we have this:
>>
>> else {
>> ?>
>> <?php include $relative_script_path.'/libs/htmlheader.php' ?>
>
> Sorry, I should have been more clear. Notice the closing "?>" after the
> else. Why the developer did this when they just open a new "<?php" tag is
> unknown, but the key is the "?>"
>
> - Steve
>
--
Stuart Moore
SecurityTracker.com
SecurityGlobal.net LLC
smoore at securityglobal.net
+1 301 495 5930 voice
+1 413 691 4346 fax
More information about the VIM
mailing list