[VIM] clarification: Limbo - Lite Mambo CMS Multiple
security curmudgeon
jericho at attrition.org
Tue Sep 19 22:54:47 EDT 2006
Reference:
http://archives.neohapsis.com/archives/bugtraq/2006-09/0264.html
http://secunia.com/advisories/21944/
http://www.limboforge.org/
I don't feel like converting all this to a nice formal post, I'm lazy and
behind =) Sullo did some digging into this post to clarify a few things.
Specifically the "create directory" stuff toward the end. These are not
part of the Limbo default install, rather they are add-ons. Here are some
of the relevant findings:
[09-19 20:10] sullo: dunno...those 3 files don't exist in my download
[09-19 20:10] jericho: ... great
[09-19 20:11] sullo: sec -- found the sitemap.install.php file in an add-on
[09-19 20:11] sullo: if(!is_dir($lm_absolute_path."feed/")) { mkdir($lm_absolute_path."feed/",0777); }
[09-19 20:11] sullo: soooo
[09-19 20:12] sullo: lm_absolute_path is controlled in the URI, so you can create a path + /feed directory
[09-19 20:12] sullo: and then there is
[09-19 20:12] sullo: if(!is_file($lm_absolute_path."feed/sitemap.php")) { $handle = fopen($lm_absolute_path."feed/sitemap.php", "w"); fclose($handle); }
[09-19 20:13] sullo: so you can create a file and a dir
[09-19 20:13] sullo: don't see that you can put any contents in the file
[09-19 20:14] jericho: if I'm local though..
[09-19 20:15] jericho: I use it to create a 777 file anywhere on system?
[09-19 20:15] jericho: owned by web server privs
[09-19 20:15] sullo: seems like it...
[09-19 20:24] sullo: ok, it's components
[09-19 20:24] sullo: Google Sitemap Component
[09-19 20:24] sullo: Limbo Sitemap Component
[09-19 20:24] sullo: both have that same code.
[09-19 20:25] sullo: those are two of them
[09-19 20:25] sullo: gositemap.install.php is the google one
[09-19 20:46] jericho: second page
[09-19 20:46] jericho: Gallery Component
http://www.limboportal.com/index.php/option/downloads/catid/31/Itemid/46
Two of them are on this page; click 'next' for the second page and the
third.
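The defect in both install scripts is that $lm_absolute_path, the prefix handed to mkdir() and fopen(), is taken from the request. The following is an added example of how the same two steps look when the base path is derived from the script's own install location instead; it is not code from Limbo or from either component, and the layout it assumes (the install script sitting in the component's directory under the web root, with a feed/ subdirectory beside it) is an illustration, not something the advisory states.

```php
<?php
// Added hardened example (not Limbo's or the sitemap components' own code).
// Assumption: this script lives in the component directory and nothing taken
// from $_GET / $_POST / $_REQUEST (or register_globals) may choose the path.

// 1. Derive the base path from where the script is installed, never from input.
$base = realpath(__DIR__);
if ($base === false || !is_dir($base)) {
    exit('install: cannot resolve base path');
}
$lm_absolute_path = rtrim($base, '/') . '/';

// 2. Build the target and confirm it still sits inside the base directory.
//    With a fixed literal suffix this always holds; the check documents the
//    invariant and survives later edits that make the suffix variable.
$feedDir = $lm_absolute_path . 'feed/';
if (strpos($feedDir, $lm_absolute_path) !== 0) {
    exit('install: target escapes base path');
}

// 3. Create the directory without world-write; 0755 instead of 0777.
if (!is_dir($feedDir) && !mkdir($feedDir, 0755)) {
    exit('install: could not create feed directory');
}

// 4. Create the empty placeholder only if absent, with 0644 permissions.
$sitemap = $feedDir . 'sitemap.php';
if (!is_file($sitemap)) {
    if (file_put_contents($sitemap, '') === false) {
        exit('install: could not create sitemap.php');
    }
    chmod($sitemap, 0644);
}
```

The two behaviours worth checking on a deployed copy are that the script no longer reads the base path from any request variable, and that the created entries are not world-writable (ls -l on feed/ and feed/sitemap.php after running the installer).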