[VIM] false: bloofoxCMS 0.2.2 Remote File Include Vulnerability

GM darkfig gmdarkfig at gmail.com
Sun Apr 15 12:46:22 UTC 2007


Link: http://www.securityfocus.com/archive/1/465739/30/0/threaded
Author: the_3dit0r at yahoo.com

Quote from the thread:
"www.example.com/[path]/install/index.php?content_php=[shell-Script]"

install/index.php:
include(SYS_WORK_DIR."/page_handler.php");

page_handler.php:
case '3':
$content_title = $strStep3;
$content_html = "step3.html";
$content_php = "step3.php";
break;
case '2':
$content_title = $strStep2;
$content_html = "step2.html";
$content_php = "step2.php";
break;[...]

install/index.php (after):
include(SYS_WORK_DIR."/".$content_php);
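
One way to check a report like this before accepting it, as an added example that is not part of the original post or of bloofoxCMS: the script confirms that every switch branch assigns the included variable a string literal before the include runs. The sample sources are constructed from the quoted fragments; the `$step` switch variable, the `default` branch and `step1.php` are assumptions, since the post elides the rest of the switch.

```python
import re

# Constructed samples modelled on the fragments quoted in the post.
# Assumptions: the switch variable $step, the default branch, step1.php.
INDEX = r'''
include(SYS_WORK_DIR."/page_handler.php");
include(SYS_WORK_DIR."/".$content_php);
'''
PAGE_HANDLER = r'''
switch ($step) {
    case '3':
        $content_php = "step3.php";
        break;
    case '2':
        $content_php = "step2.php";
        break;
    default:
        $content_php = "step1.php";
        break;
}
'''

def included_vars(src):
    """Names of PHP variables used inside include/require expressions."""
    names = set()
    for m in re.finditer(r'\b(?:include|require)(?:_once)?\s*\(?([^;]*);', src):
        names.update(re.findall(r'\$(\w+)', m.group(1)))
    return names

def branch_report(handler_src, var):
    """Map each switch label to True if its body assigns var a plain string literal."""
    parts = re.split(r'\b(case\s+[^:]+|default)\s*:', handler_src)
    literal = re.compile(r'\$' + re.escape(var) + r'''\s*=\s*(["'])[^"'$]*\1\s*;''')
    return {label.strip(): bool(literal.search(body))
            for label, body in zip(parts[1::2], parts[2::2])}

def triage(index_src, handler_src):
    """Per included variable, list the paths that leave it request-controllable.
    An empty list means every path overwrites it with a constant first."""
    findings = {}
    for var in sorted(included_vars(index_src)):
        report = branch_report(handler_src, var)
        gaps = sorted(label for label, ok in report.items() if not ok)
        if "default" not in report:
            gaps.append("(no default branch)")
        findings[var] = gaps
    return findings

if __name__ == "__main__":
    print(triage(INDEX, PAGE_HANDLER))
```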

