[VIM] Looks Bogus: SPIP v1.7 Remote File Inclusion Bug
George A. Theall
theall at tenablesecurity.com
Thu Aug 23 18:15:45 UTC 2007
The remote file include issue in SPIP reported by system-errrror here:
http://www.securityfocus.com/archive/1/477423/30/0/threaded
looks bogus to me. The code snippet claimed to show the vulnerability
occurs in a function call shortly after the affected variable is set; ie:
---- snip, snip, snip ----
function executer_squelette($squelette, $contexte) {
...
if (!$fonctions_squelettes[$squelette]) {
$squelette_cache =
'CACHE/skel_'.rawurlencode($squelette).'.php3';
...
include($squelette_cache);
---- snip, snip, snip ----
This is from inc-calcul.php3 from version 1.7.2,
http://www.spip.net/spip-dev/devel/archive/SPIP-v1-7-2.zip
Now I admit, I didn't bother setting up the app or tracing the code
between where it's set and used above, but it sure smells bogus.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list