[VIM] false: old Develooping Flash Chat RFI

Steven M. Christey coley at mitre.org
Wed Feb 14 02:32:22 EST 2007

Researcher: SpC-x

Ref: Develooping Flash Chat (banned_file) Remote File Inclusion

Claimed exploit:


Source inspection of versions 1.2, 1.5, and 1.6.5, as downloaded from
www.vclcomponents.com, showed the following code:

  require ('required/config.php');
  $banned_file = "required/banned_ip.txt";
  if (($name==$admin_name) and ($password==$admin_password)){
    $lines = file($banned_file);

config.php had nothing but variable declarations.

- Steve

More information about the VIM mailing list