[VIM] Source VERIFY - speedberg RFI
Steven M. Christey
coley at mitre.org
Mon Oct 23 15:57:40 EDT 2006
Researcher: k1tk4t
Issue: speedberg 1.2beta1 RFI
http://www.securityfocus.com/archive/1/archive/1/449468/100/0/threaded
k1tk4t lists the following vulnerable files:

  entrancePage.tpl.php
  generalToolBox.tlb.php
  myToolBox.tlb.php
  scriplet.inc.php
  simplePage.tpl.php
  speedberg.class.php
  standardPage.tpl.php

Source code inspection of the 1.2beta1 package (URL referenced in the
original advisory) shows that all the aforementioned files have the
following code in the first line:

  require_once($SPEEDBERG_PATH."include/speedberg.class.php");

speedberg.class.php itself has:

  require_once($SPEEDBERG_PATH."config/general.inc.php");
  require_once($SPEEDBERG_PATH."include/settings.inc.php");
  require_once($SPEEDBERG_PATH."include/sitemap.class.php");

- Steve
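
The source inspection described in the post above can be scripted. This is an added example, not part of the original post and not speedberg code: it flags include/require statements whose path uses a variable with no earlier assignment in the same file. The function name and the three sample snippets are constructed here (the first two from the lines quoted in the post, the third a hypothetical hardened variant).

```python
import re

# include/require statement; 'expr' is everything up to the terminating ';'
INCLUDE_RE = re.compile(
    r'(?<![\w$])(?:include|require)(?:_once)?\b\s*\(?(?P<expr>[^;]*);', re.I)
VAR_RE = re.compile(r'\$([A-Za-z_]\w*)')
# plain assignment "$name =", excluding "==" comparisons and "=>" array pairs
ASSIGN_RE = re.compile(r'\$([A-Za-z_]\w*)\s*=(?![=>])')


def find_unset_include_vars(source):
    """Return (line, variable) for each variable used in an include path
    that has no assignment earlier in the same file."""
    findings = []
    for m in INCLUDE_RE.finditer(source):
        # Only assignments textually before the statement count as "set".
        assigned = set(ASSIGN_RE.findall(source[:m.start()]))
        line = source.count('\n', 0, m.start()) + 1
        for var in VAR_RE.findall(m.group('expr')):
            if var not in assigned:
                findings.append((line, var))
    return findings


# Constructed sample: first line of the template files, as quoted in the post.
TEMPLATE = r'''<?php require_once($SPEEDBERG_PATH."include/speedberg.class.php");
'''

# Constructed sample: the three statements quoted for speedberg.class.php.
CLASS_FILE = r'''<?php
require_once($SPEEDBERG_PATH."config/general.inc.php");
require_once($SPEEDBERG_PATH."include/settings.inc.php");
require_once($SPEEDBERG_PATH."include/sitemap.class.php");
'''

# Hypothetical hardened variant (an assumption, not the project's fix):
# the path is set in the file itself before it is used.
HARDENED = r'''<?php
$SPEEDBERG_PATH = dirname(__FILE__) . "/../";
require_once($SPEEDBERG_PATH."include/speedberg.class.php");
'''

if __name__ == "__main__":
    for name, src in (("template", TEMPLATE), ("class", CLASS_FILE),
                      ("hardened", HARDENED)):
        print(name, find_unset_include_vars(src))
```

The check is textual and per-file: a variable that a parent script sets before including the file is still reported, so each hit is a candidate for manual review rather than a confirmed finding.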