[VIM] Oddness - CoreNews 2.0.1 Remote Command Exucetion
George A. Theall
theall at tenablesecurity.com
Mon Mar 13 21:15:00 EST 2006
Steven M. Christey wrote:
> Could this be a site-specific issue that is unrelated to CoreNews? Or
> maybe there's a modified version that's also called "2.0.1" ?
There are a couple of addons for CoreNews available here:
http://corenews.icestyle.de/
The next-page and page-direktlinks hacks seem to add the functionality:
http://corenews.icestyle.de/download/nextpage.howto-install.hack
http://corenews.icestyle.de/download/new_next-page
through changes to shownews.php. Also worth noting is the presence of an
eval() in the original source, although it seems like most of the mods
from these two addons occur *after* the eval. Then again,
> Or maybe there's only so much you can see from a casual source
> inspection :)
At least you have the source - <http://www.php-spezial.de/> isn't
working for me.
P.S. I'm new to the list and hope I'm not violating protocol by jumping
in like this.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list