[VIM] Ji-takz Chat (mycfg) Remote File Inclusion -- another SpC-x failure

Heinbockel, Bill heinbockel at mitre.org
Mon Jun 19 13:27:22 EDT 2006

Hardly a surprise, but

Took a glance at another SpC-x "vulnerability"

Besides the fact that this is a class declaration where all of the
code is included within functions -- therefore nothing will get
if tag.class.php is called directly, the "mycfg" variable/parameter is 
NEVER EVEN USED in this or any other file!

William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
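
The two checks described in the message above (is the reported parameter referenced anywhere, and does any variable-based include run when the file is requested directly), as an added example that is not part of the original post. The PHP samples are constructed and are not the Ji-takz source; `triage` and `top_level_code` are hypothetical helper names.

```python
import re

# include/require (optionally _once) whose argument contains a PHP variable
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b[^;]*?\$(\w+)', re.I)

def top_level_code(php):
    """Text outside every {...} body, i.e. what runs when the file is
    requested directly. Heuristic: braces in strings/comments are not handled."""
    depth, out = 0, []
    for ch in php:
        if ch == '{':
            depth += 1
        elif ch == '}':
            depth = max(depth - 1, 0)
        elif depth == 0:
            out.append(ch)
    return ''.join(out)

def triage(sources, param):
    """sources: {filename: PHP text}; param: parameter named in the report."""
    name = re.escape(param)
    ref = re.compile(r'\$' + name + r'\b|' + "['\"]" + name + "['\"]")
    report = {'referenced_in': [], 'direct_call_includes': []}
    for fname, php in sorted(sources.items()):
        if ref.search(php):
            report['referenced_in'].append(fname)
        for m in INCLUDE_RE.finditer(top_level_code(php)):
            report['direct_call_includes'].append((fname, m.group(1)))
    report['param_unused'] = not report['referenced_in']
    return report

# Constructed sample: a class-only file, all code inside functions.
SAMPLE_CLASS_ONLY = {'tag.class.php': '''<?php
class Tag {
    var $dir;
    function load($name) {
        include($this->dir . "/" . $name . ".php");
    }
}
?>'''}

# Constructed contrast: a top-level include driven by the reported parameter.
SAMPLE_DIRECT = {'index.php': '''<?php
include($mycfg . "/settings.php");
?>'''}

if __name__ == '__main__':
    print(triage(SAMPLE_CLASS_ONLY, 'mycfg'))
    print(triage(SAMPLE_DIRECT, 'mycfg'))
```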
