[VIM] False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure

GM darkfig gmdarkfig at gmail.com
Thu Apr 26 18:39:01 UTC 2007


I think these functions do something like this:
- If $array[$x] == '..' and $array[$x-1] != ..
  then replace '<directory>/../' by ''.

So readfile('xd/../yuh/../hello.php'); is the same as readfile('hello.php');

> > Interesting behaviour... it seems to be something special about
> > readfile() as replacing that with, say, include(), reports no such file
> > / directory.

For me, with include() I have the same results (Windows):

C:\Documents and Settings\root\Desktop>cat a.php
<?php
$feed = "http/../../../../file.php";
if($feed != '' && strpos($feed, 'http') === 0){
include($feed);
}
?>

C:\Documents and Settings\root\Desktop>cat c:/file.php
<?php
echo "hello";
?>
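Added example, not code from the thread or from ext: the prefix check quoted above next to a hardened one, plus the "dir/../" collapsing the post describes. The feeds directory name is an assumption.

```php
<?php
// Added example (not from the thread). The base directory is assumed.

// Lexical normalisation as the thread describes it: each "dir/../" pair
// collapses, so the "http" component is dropped even though it never has
// to exist on disk. A leading ".." is kept because there is nothing to pop.
function lexical_normalize(string $path): string {
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..' && $out && end($out) !== '..') {
            array_pop($out);
            continue;
        }
        $out[] = $seg;
    }
    return implode('/', $out);
}

// The check from the post: only verifies the string *starts* with "http",
// so a traversal string with a fake "http" first component passes it.
function weak_check(string $feed): bool {
    return $feed !== '' && strpos($feed, 'http') === 0;
}

// Hardened check: resolve the candidate against a fixed feed directory and
// require the resolved path to remain inside it; anything else is rejected.
function safe_feed_path(string $feed, string $baseDir): ?string {
    if ($feed === '' || strpos($feed, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $feed);
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

$feed = "http/../../../../file.php";           // the string from the post
echo lexical_normalize($feed), "\n";           // traversal survives normalisation
var_dump(weak_check($feed));                   // prefix check accepts it
var_dump(safe_feed_path($feed, __DIR__ . '/feeds')); // assumed base dir: rejected
```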

