[VIM] Igloo DoublSpeak vuln

security curmudgeon jericho at attrition.org
Sun Jul 23 12:04:41 EDT 2006


: So...  I don't see a path for exploit.
: 
: Now, if config.inc is in your web root... that's a different problem as 
: it has your mysql db connection info it.  Also, I think the scripts 
: relies on register globals as I see a lot of values being used in SQL 
: that aren't defined and don't have any input validation on them... you 
: know what that means--but I don't have time right now to dig into this 
: further.

now 404:

http://www.aria-security.net/advisory/igloo/doublespeak.txt 


More information about the VIM mailing list