[VIM] true w/caveat: GeekLog glConf[path_libraries] RFI
Steven M. Christey
coley at mitre.org
Wed Feb 7 01:02:00 EST 2007
Researcher: GolD_M(Mahmnood_ali)
Ref: http://www.milw0rm.com/exploits/3267
In the Geeklog distribution, we have the following from
Geeklog-2.x/system/libraries/Geeklog/MVCnPHP/BaseView.php:
require $glConf['path_libraries'] . 'Geeklog/MVCnPHP/ViewInterface.php';
which is the first statement.
However, this comes from some package called "MVCnPHP" which has some
close relationship with Geeklog but is separate:
http://freshmeat.net/projects/mvcnphp/
which says "MVCnPHP stands for Model-View-Controller in PHP. It is an
implementation of the MVC design pattern for use in PHP applications."
... and downloading 3.0.0 of this MVCnPHP produces a BaseView.php
which, upon removing spaces and CRLF inconsistencies, is exactly the
same as that which is in Geeklog.
So we can add this to our list of modules whose ease-of-integration
makes opportunities for ease-of-exploitation. Whether the blame lies
with Geeklog or MVCnPHP is not immediately clear.
- Steve
More information about the VIM
mailing list