[VIM] snif RFI curiosity

Steven M. Christey coley at mitre.org
Mon Dec 4 00:15:09 EST 2006


Researcher: S.W.A.T.

Ref: http://www.milw0rm.com/exploits/2868

Claimed POC:

  [path]/index.php?externalConfig=http://shell?

A CVE analyst noted that in the referenced URL, we have:

  $externalConfig = "";

on line 428, and:

  if ($externalConfig!="") {
  	include($externalConfig);
  }

on line 1227.

While $_GET is cleansed in a way that feels funny on line 1215, there
is no apparent dynamic variable evaluation, include/require, or eval
in between the two lines.

So this report might not be valid, but with such a gap in the code,
I'm not sure.

- Steve
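
The check described in the message above, as an added example that is not part of the original post or of the snif code: a line-based Python heuristic that lists constructs able to refill an already-initialised variable, or run other code, between its assignment and the include(). The function name, the pattern list and both PHP samples are constructed for illustration and assume one statement per line.

```python
import re

# Constructs that can refill an initialised variable from request data, or run
# other code, between the assignment and the include().
RISKY = {
    "extract()": re.compile(r"\bextract\s*\("),
    "parse_str()": re.compile(r"\bparse_str\s*\("),
    "import_request_variables()": re.compile(r"\bimport_request_variables\s*\("),
    "variable variable": re.compile(r"\$\$\w|\$\{\s*\$"),
    "eval()": re.compile(r"\beval\s*\("),
    "include/require": re.compile(r"\b(?:include|require)(?:_once)?\b"),
}

def triage(source, var, init_line, use_line):
    """Return (line_no, label, text) for every risky construct or reassignment
    of $var found strictly between init_line and use_line (1-indexed)."""
    reassign = re.compile(r"\$" + re.escape(var) + r"\b\s*\.?=(?!=)")
    findings = []
    lines = source.splitlines()
    for no in range(init_line + 1, use_line):
        text = lines[no - 1]
        if reassign.search(text):
            findings.append((no, "reassignment of $" + var, text.strip()))
        for label, pattern in RISKY.items():
            if pattern.search(text):
                findings.append((no, label, text.strip()))
    return findings

# Constructed samples (not the snif source): same shape as the quoted code.
SAMPLE_CLEAN = '''<?php
$externalConfig = "";
foreach ($_GET as $k => $v) { $_GET[$k] = strip_tags($v); }
if ($externalConfig != "") {
    include($externalConfig);
}
'''
SAMPLE_OVERWRITE = SAMPLE_CLEAN.replace(
    "foreach ($_GET as $k => $v) { $_GET[$k] = strip_tags($v); }",
    "extract($_GET);",
)

if __name__ == "__main__":
    for name, src in (("clean", SAMPLE_CLEAN), ("overwrite", SAMPLE_OVERWRITE)):
        print(name, triage(src, "externalConfig", 2, 5))
```

An empty result means nothing in the window can repopulate the variable, so the include() only ever sees the initialised empty string; any finding is a line to read by hand before judging the report.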

