[VIM] RSSMini Exploit -- Probably Not
str0ke
str0ke at milw0rm.com
Thu Feb 15 15:47:48 EST 2007
Hey brotha,
Your correct, if they install the product correctly then it isn't
vulnerable. Removing it from the exploits section.
/str0ke
On 2/15/07, George A. Theall <theall at tenablesecurity.com> wrote:
> This concerns <http://www.milw0rm.com/exploits/3316>:
>
> I just grabbed the source for rssminifolder
> (http://rssmini.com/rssminifolder.zip). folder/index.php looks like this:
>
> include("config.php"); ^M
> ...
> <div id="ad"><?php include("$url/ads.php"); ?></div>^M
>
> There's no config.php file by default in the folder directory so this
> will work if register_globals is enabled and someone just unzips a copy
> of the software under their document directory. However, to actually
> install it, you're supposed to copy the config.php file from folder's
> parent directory after editing it, and that has this line:
>
> $url = "http://rssmini.com/demo5";^M
>
> I see nowhere in either file where $url can be overwritten by
> user-supplied input.
>
> The other files mentioned in the milw0rm posting behave the same as
> index.php, at least as far as the exploit is concerned.
>
> So in sum, this only looks like a problem if someone hasn't installed
> the software and has register_globals enabled.
>
> P.S: Hope I got it right this time, str0ke. :-)
>
> George
> --
> theall at tenablesecurity.com
>
More information about the VIM
mailing list