[VIM] Slight oddities in randshop file inclusion issue(s)
Steven M. Christey
coley at mitre.org
Wed Jul 12 14:54:17 EDT 2006
Refs:

http://www.milw0rm.com/exploits/1971
http://www.securityfocus.com/archive/1/archive/1/439750/100/0/threaded

These posts give two different executables as entry points with a
parameter "dateiPfad".

A *brief* source inspection of 1.2 and 1.1.1 shows heavy use of a
constant variable "DATEIPFAD". The only presence of the mixed-case
"dateiPfad" appears to be a hard-coded set of the $dateiPfad variable,
which is commented out, in config.inc.php for version 1.1.1.

However, this code might all have been fixed by the time I downloaded
it.

So if someone feels like investigating further, feel free. I'm out of
time for this one :)

- Steve
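
The source check described in the post above, sketched as an added example (not part of the original post, and not randshop code): it separates include statements that use the `DATEIPFAD` constant from ones that use the `$dateiPfad` variable, and notes whether the variable's only assignment is commented out. The sample PHP lines are constructed, and the function names are hypothetical.

```python
import re

# Constructed PHP lines that only mimic what the post reports seeing;
# they are not copied from any randshop release.
AS_DESCRIBED = {
    "config.inc.php": ['<?php',
                       '// $dateiPfad = "/var/www/shop/";',
                       'define("DATEIPFAD", "/var/www/shop/");'],
    "index.php": ['include(DATEIPFAD . "includes/header.inc.php");'],
}

INCLUDE = re.compile(r'\b(?:include|require)(?:_once)?\b', re.I)
VAR = re.compile(r'\$dateiPfad\b')            # PHP variable names are case-sensitive
CONST = re.compile(r'(?<![$\w])DATEIPFAD\b')  # bare constant, no leading "$"
ASSIGN = re.compile(r'\$dateiPfad\s*=(?!=)')
COMMENT = re.compile(r'^\s*(?://|#|/\*|\*)')

def classify(line):
    """Label one source line, or return None if it is irrelevant."""
    commented = bool(COMMENT.match(line))
    if ASSIGN.search(line):
        return "assignment-commented-out" if commented else "assignment"
    if commented or not INCLUDE.search(line):
        return None
    if VAR.search(line):
        return "include-via-variable"
    if CONST.search(line):
        return "include-via-constant"
    return None

def audit(files):
    """Return (file, line number, label) for every relevant line."""
    return [(name, no, kind)
            for name, lines in files.items()
            for no, line in enumerate(lines, 1)
            if (kind := classify(line))]

def variable_reaches_include(findings):
    """True when $dateiPfad feeds an include and no live assignment sets it.
    A request parameter can influence a variable, never a define()d constant."""
    kinds = {kind for _, _, kind in findings}
    return "include-via-variable" in kinds and "assignment" not in kinds

if __name__ == "__main__":
    results = audit(AS_DESCRIBED)
    for finding in results:
        print(*finding)
    print("variable reaches include:", variable_reaches_include(results))
```
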