[VIM] # MHG Security Team ---Rumble 1.02 version Remote File Inc.
Steven M. Christey
coley at linus.mitre.org
Mon Jun 5 18:28:37 EDT 2006
On Mon, 5 Jun 2006, George A. Theall wrote:
> And maybe I've just been staring at things too much today, but I fail to
> see how this is a flaw as it is currently written - the script
> initializes the array at the start and only sets variables, never
> calling another PHP script.
I don't see anything relevant either...
from config.php (in 1.02):
$configArr = array();
//--------------------------------------------------------------------
// 'pathtodir' = the absolute path to directory containing your "rumble"
install
//--------------------------------------------------------------------
$configArr['pathtodir'] = "http://dev.monokromatik.com/rumble/";
Nothing else is provided.
Maybe it was a custom site that was tested?
- Steve
More information about the VIM
mailing list