[VIM] Ji-takz Chat (mycfg) Remote File Inclusion -- another SpC-x failure
Heinbockel, Bill
heinbockel at mitre.org
Mon Jun 19 13:27:22 EDT 2006
Hardly a surprise, but
Took a glance at another SpC-x "vulnerability"
http://www.securityfocus.com/archive/1/archive/1/437430/100/0/threaded
Besides the fact that this is a class declaration where all of the
code is included within functions -- therefore nothing will get
executed if tag.class.php is called directly, the "mycfg"
variable/parameter is NEVER EVEN USED in this or any other file!
William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
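The two checks described in the message above (does any include run when the file is requested directly, and is the claimed parameter referenced at all), as an added example that is not part of the original post. The PHP samples are constructed and are not the real tag.class.php; the scanner is a heuristic that assumes plain PHP and ignores heredocs and inline HTML.

```python
import re

# Constructed stand-in for a class-only PHP file (not the real tag.class.php).
CLASS_ONLY = '''<?php
class Tag {
    var $name;
    function render($cfg) {
        include($cfg . "/header.php");
    }
}
'''
# Constructed contrast: an include that runs when the file is requested directly.
TOP_LEVEL = '''<?php
if (isset($mycfg)) {
    include($mycfg . "/config.php");
}
'''

_SKIP = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*|'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"", re.S)
_TOKEN = re.compile(r"[{};]|(?<![$>])\b(?:function|class|include(?:_once)?|require(?:_once)?)\b")

def references_param(src, name):
    """True if src mentions $name or a ['name'] array key (e.g. $_GET['name'])."""
    n = re.escape(name)
    return re.search(r"\$" + n + r"\b|\[\s*['\"]" + n + r"['\"]\s*\]", src) is not None

def top_level_includes(src):
    """Line numbers of include/require statements outside any function or class body."""
    # Blank comments and strings so braces and keywords inside them are ignored.
    clean = _SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)
    hits, depth, pending, bodies = [], 0, False, []
    for lineno, line in enumerate(clean.splitlines(), 1):
        for tok in (m.group() for m in _TOKEN.finditer(line)):
            if tok in ("function", "class"):
                pending = True            # the next "{" opens a definition body
            elif tok == ";":
                pending = False           # declaration without a body
            elif tok == "{":
                depth += 1
                if pending:
                    bodies.append(depth)  # remember where this definition body started
                    pending = False
            elif tok == "}":
                if bodies and bodies[-1] == depth:
                    bodies.pop()
                depth -= 1
            elif not bodies:
                hits.append(lineno)       # include/require that executes on direct request
    return hits
```

A report is only worth deeper review when `references_param` is true for some file in the tree; `top_level_includes` then shows which files do anything when fetched directly.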