[VIM] false: old Jobline RFI
Steven M. Christey
coley at mitre.org
Wed Feb 14 13:56:49 EST 2007
Researcher: SpC-x
Ref: BUGTRAQ Jobline 1 1 1 Version - Remote File Include Vulnerability
http://www.securityfocus.com/archive/1/archive/1/436990/30/4440/threaded
Vector: admin.jobline.php?mosConfig_absolute_path=[RFI]
admin.jobline.php in Jobline Component 1.1.1, as obtained from
http://scripts.ringsworld.com/classified-ads/jobline-1-1-1/, starts
off with:
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
This product was released around October 2005, so if there's a vuln,
it's in an older version.
- Steve
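
An added example, not part of the original post and not Jobline code: a small Python triage helper that checks whether the `_VALID_MOS` guard quoted above appears before any include or require built from `$mosConfig_absolute_path`. The sample PHP sources and the `com_example` path are constructed, and the check is a textual heuristic that does not model guards nested inside functions or conditionals.

```python
import re

# Guard idiom quoted in the post; it ends the request unless a core entry point defined _VALID_MOS.
GUARD = re.compile(r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)
# include/require whose path expression uses the variable named in the claimed vector.
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*\$mosConfig_absolute_path", re.I)
# PHP string literals and comments, so comments can be blanked without touching strings.
TOKEN = re.compile(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"|/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def strip_comments(src):
    """Replace comments with spaces (offsets preserved); string literals are kept."""
    def repl(m):
        text = m.group(0)
        return text if text[0] in "'\"" else " " * len(text)
    return TOKEN.sub(repl, src)

def triage(src):
    """Classify one PHP file for the claimed mosConfig_absolute_path include vector."""
    code = strip_comments(src)
    inc = INCLUDE.search(code)
    if inc is None:
        return "no-include"
    guard = GUARD.search(code)
    if guard is not None and guard.start() < inc.start():
        return "guarded"
    return "unguarded"

# Constructed samples (not Jobline source); com_example is a placeholder path.
GUARDED = """<?php
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
require_once( $mosConfig_absolute_path . '/components/com_example/example.class.php' );
"""
COMMENTED_OUT = """<?php
// defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
require_once( $mosConfig_absolute_path . '/components/com_example/example.class.php' );
"""
LATE_GUARD = """<?php
include( $mosConfig_absolute_path . '/components/com_example/example.class.php' );
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
"""

if __name__ == "__main__":
    for name, src in [("guarded", GUARDED), ("commented-out", COMMENTED_OUT), ("late", LATE_GUARD)]:
        print(f"{name:14} -> {triage(src)}")
```

A "guarded" result matches the situation described in the post; "unguarded" marks a file that still needs manual review.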