[VIM] true with clarification: fishcart RFI

str0ke str0ke at milw0rm.com
Thu Aug 9 20:59:11 UTC 2007


The version before it should be vulnerable as well.  3.2RC1?

/str0ke

On 8/9/07, Steven M. Christey <coley at mitre.org> wrote:
>
> Ref: http://www.milw0rm.com/exploits/4271
>
> Specified CVS snapshot "fishcart_snap_2007_08_03.tgz" no longer
> exists.
>
> milw0rm title says "<= 3.2RC2"
>
> For Version 3.1 in fishcart_v3/fc_functions/fc_example.php:
>
>   <?php require('DOCROOT/DIRECTORY/fc_functions/fc_functions.php'); ?>
>
> so no go on that version anyway.
>
> HOWEVER, version 3.2RC2 has:
>
>   <?php require($docroot.'/FCDIRECTORY/fc_functions/fc_functions.php'); ?>
>
> as its first line.
>
> Older versions are available but I didn't check.
>
> - Steve
>
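
The difference between the two quoted first lines, as an added example that is not part of the original thread: a Python triage check that flags `include`/`require` statements whose path uses a variable that no earlier line of the same file assigns. The function name, the regexes and the third sample are assumptions made for illustration; the first two samples are the lines quoted above.

```python
import re

# include/require (optionally _once), capturing the path expression up to ';'.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b\s*\(?\s*(?P<expr>[^;]*?)\s*\)?\s*;",
    re.IGNORECASE,
)
VAR_RE = re.compile(r"\$([A-Za-z_]\w*)")
# Plain assignment "$name =", excluding "==" comparisons and "=>" array pairs.
ASSIGN_RE = re.compile(r"\$([A-Za-z_]\w*)\s*=(?![=>])")


def unassigned_include_vars(php_source):
    """Return (line_number, variable) for each include/require whose path
    uses a variable that no earlier line of the same file assigns.

    Heuristic only: it does not follow other included files, constants,
    or function scopes, so a hit is a prompt for manual review.
    """
    assigned = set()
    findings = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        for match in INCLUDE_RE.finditer(line):
            for name in VAR_RE.findall(match.group("expr")):
                if name not in assigned:
                    findings.append((number, "$" + name))
        # Record assignments after the check so only earlier lines count.
        assigned.update(ASSIGN_RE.findall(line))
    return findings


# First line of fc_example.php as quoted for version 3.1 (literal path).
V31 = "<?php require('DOCROOT/DIRECTORY/fc_functions/fc_functions.php'); ?>"
# First line as quoted for version 3.2RC2 (path built from $docroot).
V32RC2 = "<?php require($docroot.'/FCDIRECTORY/fc_functions/fc_functions.php'); ?>"
# Constructed sample: the same require after the file sets $docroot itself.
ASSIGNED_FIRST = (
    "<?php\n"
    "$docroot = '/var/www/shop';\n"
    "require($docroot.'/FCDIRECTORY/fc_functions/fc_functions.php');\n"
    "?>"
)

if __name__ == "__main__":
    for label, src in (("3.1", V31), ("3.2RC2", V32RC2),
                       ("assigned first", ASSIGNED_FIRST)):
        print(label, unassigned_include_vars(src))
```
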

