[VIM] true: 2 distinct LMS RFI, one old, one new; and vague ACK

Steven M. Christey coley at mitre.org
Thu Apr 26 23:24:18 UTC 2007

== RFI 1 ==

Researcher: InyeXion
Ref: BUGTRAQ lms 1.5.3 Remote File Inclusion

This is a 2-year-old version.  I grabbed it:


and the first executable line is as stated:


This line does not appear in later versions:


== RFI 2 ==

Researcher: Kacper
Ref: http://www.milw0rm.com/exploits/3545

For version 1.8.9:

The first lines in welcome.php are:


the only line in userpanel.php is:


== Vendor ACK of... something. ==

Vendor changelog is at http://www.lms.org.pl/changelog.php

ChangeLog,v 1.1115 2007/04/24 has:

  version ? (????-??-??):


  fixed some remote file inclusion vulnerabilities when
  register_globals is enabled (alec)

But since the vulnerable 1.8.9 is the latest available version, it's
not provable that the vendor is talking about RFI 2, instead of some
other issue.

- Steve

More information about the VIM mailing list