[VIM] false: Agermenu 0.03
Steven M. Christey
coley at linus.mitre.org
Wed Feb 7 18:27:09 EST 2007
FRSIRT:ADV-2007-0512 mentions 0.03 as vulnerable to rootdir in
examples/inc/top.inc.php. This vector was published for 0.01 in
http://www.milw0rm.com/exploits/3280, a different disclosure than what
str0ke just mentioned.
This looks legit for 0.03 too:
examples/inc/top.inc.php

    [first mention]
    $sysvar_copyright_url=$rootdir."about/licenses/";
    ...
    if (file_exists($rootdir."inc/agermenu.func.php")) {
        $agermenufuncfile=$rootdir."inc/agermenu.func.php";
    }
    # The new default place (from version 0.03) for
    # the agermenu.func.php file
    if (file_exists($rootdir."agermenu/agermenu.func.php")) {
        $agermenufuncfile=$rootdir."agermenu/agermenu.func.php";
    }
    # Only include if the agermenu.func.php file exists
    if (file_exists($agermenufuncfile)) {
        include $agermenufuncfile;
    }

- Steve
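
Added example, not part of the original message and not Agermenu's own code: one way the include logic quoted above could be hardened so that `$rootdir` is always assigned server-side before its first use and the included file must resolve inside the install directory. `AGERMENU_ROOT` and `agermenu_func_file()` are hypothetical names, and the sketch assumes the install root is the directory holding this file.

```php
<?php
// Assumption: the install root is fixed and known on the server.
// AGERMENU_ROOT is a hypothetical constant, not an Agermenu setting.
define('AGERMENU_ROOT', __DIR__);

/**
 * Locate agermenu.func.php under $root, or return null.
 * Only the two relative locations from the quoted excerpt are tried, and
 * the resolved path must remain inside $root.
 */
function agermenu_func_file(string $root): ?string
{
    $base = realpath($root);
    if ($base === false) {
        return null;                       // root does not exist
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $found  = null;

    // Same order as the excerpt: the newer 0.03 location wins if both exist.
    foreach (['inc/agermenu.func.php', 'agermenu/agermenu.func.php'] as $rel) {
        // realpath() resolves symlinks and ".." and returns false for
        // anything that is not an existing local path.
        $path = realpath($prefix . $rel);
        if ($path !== false
            && strncmp($path, $prefix, strlen($prefix)) === 0
            && is_file($path)) {
            $found = $path;
        }
    }
    return $found;
}

// Unconditional assignment before first use: a request parameter that
// happens to be named "rootdir" can no longer supply this value.
$rootdir = AGERMENU_ROOT . DIRECTORY_SEPARATOR;

$agermenufuncfile = agermenu_func_file($rootdir);
if ($agermenufuncfile !== null) {
    include $agermenufuncfile;
}
```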