[VIM] ModuleBased CMS file include - CVE dispute

Heinbockel, Bill heinbockel at mitre.org
Fri Sep 1 14:08:59 EDT 2006

Researcher: ScorpinO
BUGTRAQ:20060829 ModuleBased CMS alfa 1 Multiple Remote File Inclusion

Provides several code snippets that show an include with the
$_SERVER[DOCUMENT_ROOT] parameter, including:


with the POC: htt
p://www.example.com/[mbcms]/admin/avatar.php?_SERVER=[evil script]

In PHP it is not possible to redeclare the _SERVER global array or the
_SERVER[DOCUMENT_ROOT] index. Hence, there is no possible way for an
to modify any of the variables inside the claimed include statements.

A download and verification of the code shows the php is as presented
the researcher. So no chance of a copy/paste error...

William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org

More information about the VIM mailing list