[VIM] verify Wikiwig wk_lang.php file inclusion
Steven M. Christey
coley at mitre.org
Wed Jun 7 00:23:44 EDT 2006
ref: http://www.milw0rm.com/exploits/1883
Figured I'd check out the claims since Kacper has been showing up more
often.
From the download for version 4_1, here is the relevant stuff from
wk_lang.php:
    if(isset($WK)) {
        // base directory is built from $WK, which this file never sets itself
        $dir_langs = $WK['wkPath'].$WK['systemDir'].'/lang/';
        $file_lang = $dir_langs.$WK['lang'].'.php';
        if(!@is_file($file_lang)){ // language file not available
            $WK['lang'] = 'fr'; // use default french
            require_once $dir_langs.$WK['lang'].'.php';
        }
        else // retrieves language defs
            require_once $file_lang;
    }
This code is at the top, so this file probably expects to be included
by other files. A direct request with a modified $WK['wkPath'] seems
relevant.
By the way - lately I've been suspecting that most PHP file inclusion
issues, and possibly other vulns we see so much in PHP apps, are
enabled by direct requests to files that were never intended to be
accessed directly.
- Steve
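A hardened rewrite of the wk_lang.php pattern quoted above, added here as an example; it is not Wikiwig's code and not part of Steve's message. It assumes an entry script that does `define('WK_ENTRY', true);` before requiring this file; the constant name WK_ENTRY, the whitelist contents and the function name wk_resolve_lang_file are my own choices. Two things the original's shape makes worth addressing: both of its branches include a file under $dir_langs, so a request-controlled $WK['wkPath'] is reachable whichever branch runs, and nothing stops the file from being requested on its own.

```php
<?php
// Added example (not Wikiwig's code): hardened language-file loading.
// Assumptions: the entry script defines WK_ENTRY before including this
// file; $WK['lang'] may come from configuration or from the request.

// 1. Refuse direct requests. The file only makes sense when included by
//    the application, so a bare GET for wk_lang.php gets nothing useful.
if (!defined('WK_ENTRY')) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access is not permitted.');
}

// 2. Build the include directory from the file's own location, never from
//    $WK: with register_globals on, $WK['wkPath'] could have arrived in the
//    query string, and include/require happily follow it.
define('WK_LANG_DIR', dirname(__FILE__) . '/lang/');

// 3. Only whitelisted language codes reach the filesystem; anything else
//    silently maps to the default instead of being used as a path fragment.
function wk_resolve_lang_file($requested, array $allowed = array('fr', 'en', 'de'), $default = 'fr')
{
    $lang = in_array($requested, $allowed, true) ? $requested : $default;
    // basename() is belt-and-braces against '../' and stream wrappers;
    // with the whitelist above it never changes the value.
    return WK_LANG_DIR . basename($lang) . '.php';
}

$file_lang = wk_resolve_lang_file(isset($WK['lang']) ? $WK['lang'] : 'fr');

if (!is_file($file_lang)) {
    // Even the default file is missing: fail closed rather than include
    // whatever happens to sit at the computed path.
    trigger_error('language file missing: ' . $file_lang, E_USER_ERROR);
}

$WK['lang'] = basename($file_lang, '.php'); // record the language actually loaded
require_once $file_lang;
```

The guard constant is the piece that answers the "direct request" point: any include-only file gets the same three-line check, and the application's real entry points are the only places that define the constant. The whitelist plus the fixed base directory remove the dependence on $WK['wkPath'] entirely, so the question of which branch a malformed path reaches no longer arises.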