[VIM] clarification of "VihorDesign" (not VihorDesing) issues

security curmudgeon jericho at attrition.org
Mon Mar 27 12:52:15 EST 2006


: With PHP <5.0.0 I can't see a way you can get an fopen in PHP to run 
: arbitrary code with the default wrappers (unless you've previously 
: defined a new handler or perhaps installed a third-party stream 
: wrapper).  Now with PHP 5.0.0 you might be able to use the default 
: filter handler "php://filter...." to write to a file and perhaps pick 
: one which will get executed (I don't have PHP 5 handy to try it)
: 
: This is certainly more useful to an attacker to return arbitrary files 
: that the web server can read if safe_mode is off (page=/etc/passwd etc) 
: than XSS though.

Interesting, as Secunia published:

http://secunia.com/advisories/19403/

  Input passed to the "page" parameter isn't properly verified, before it 
  is used to display files. This can be exploited to display arbitrary 
  files from local resources via directory traversal attacks.

  Successful exploitation requires that "register_globals" is enabled.
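
Added example, not part of the original post and not VihorDesign's code: a hardened way to map a "page" request value to a file, with the fopen pattern discussed above shown in a comment. The function name, the ".html" suffix, the content directory and the sample values are all assumptions made for illustration.

```php
<?php
// Added example; hypothetical names, not VihorDesign's code.
// Pattern under discussion (register_globals turns ?page=... into $page):
//     $fh = fopen($page, 'r'); fpassthru($fh);

function resolve_page($page, $baseDir)
{
    // Only a string taken explicitly from the request is acceptable.
    if (!is_string($page)) {
        return null;
    }
    // Allowlist: short names only. This excludes '/', '..', NUL bytes and
    // any "scheme://" stream wrapper such as php://filter.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.html');
    if ($base === false || $path === false) {
        return null; // missing directory or page
    }
    // Defence in depth: the canonical path (symlinks resolved) must stay under base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary content directory holding one page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'about.html', "<p>About</p>\n");

// Constructed request values, including the kinds mentioned in the thread.
$samples = array('about', '/etc/passwd', '../../etc/passwd',
                 'php://filter/resource=about', "about\0.html", 'missing');
foreach ($samples as $page) {
    $path = resolve_page($page, $dir);
    printf("%-34s %s\n", json_encode($page), $path === null ? 'rejected' : 'served');
}

unlink($dir . DIRECTORY_SEPARATOR . 'about.html');
rmdir($dir);
```

In a real handler the value would be read explicitly from `$_GET['page']`, so the behaviour does not depend on the register_globals setting.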


