[VIM] # MHG Security Team ---Rumble 1.02 version Remote File Inc.

Steven M. Christey coley at linus.mitre.org
Mon Jun 5 18:28:37 EDT 2006

On Mon, 5 Jun 2006, George A. Theall wrote:

> And maybe I've just been staring at things too much today, but I fail to
> see how this is a flaw as it is currently written  - the script
> initializes the array at the start and only sets variables, never
> calling another PHP script.

I don't see anything relevant either...

from config.php (in 1.02):

  $configArr = array();
  // 'pathtodir' = the absolute path to directory containing your "rumble"
  $configArr['pathtodir'] = "http://dev.monokromatik.com/rumble/";

Nothing else is provided.

Maybe it was a custom site that was tested?

- Steve

More information about the VIM mailing list