[VIM] False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure
Steven M. Christey
coley at linus.mitre.org
Thu Apr 26 01:19:19 UTC 2007
On Wed, 25 Apr 2007, George A. Theall wrote:
> > (I verified that my PHP 4.4.4 will accept an "up-and-down" traversal with
> > a non-existent subdirectory. This usually works in other traversal
> > scenarios too, not just PHP.)
>
> I think that works under Windows but not *nix.
For PHP anyway, it works like a charm on my Solaris box.
$feed = "http/../../../test.txt";
if($feed != '' && strpos($feed, 'http') === 0){
readfile($feed);
}
(where test.txt is my default directory traversal test file, and the PHP
app's location doesn't have an http subdirectory).
That said, I vaguely remember running across situations where a
non-existent subdirectory would prevent an attack from working; maybe
there are variations depending on whether realpath() is used or not?
- Steve
More information about the VIM
mailing list