[VIM] RSSMini Exploit -- Probably Not

str0ke str0ke at milw0rm.com
Thu Feb 15 15:47:48 EST 2007


Hey brotha,

Your correct, if they install the product correctly then it isn't
vulnerable.  Removing it from the exploits section.

/str0ke

On 2/15/07, George A. Theall <theall at tenablesecurity.com> wrote:
> This concerns <http://www.milw0rm.com/exploits/3316>:
>
> I just grabbed the source for rssminifolder
> (http://rssmini.com/rssminifolder.zip). folder/index.php looks like this:
>
>    include("config.php"); ^M
>    ...
>    <div id="ad"><?php include("$url/ads.php"); ?></div>^M
>
> There's no config.php file by default in the folder directory so this
> will work if register_globals is enabled and someone just unzips a copy
> of the software under their document directory. However, to actually
> install it, you're supposed to copy the config.php file from folder's
> parent directory after editing it, and that has this line:
>
>    $url = "http://rssmini.com/demo5";^M
>
> I see nowhere in either file where $url can be overwritten by
> user-supplied input.
>
> The other files mentioned in the milw0rm posting behave the same as
> index.php, at least as far as the exploit is concerned.
>
> So in sum, this only looks like a problem if someone hasn't installed
> the software and has register_globals enabled.
>
> P.S: Hope I got it right this time, str0ke. :-)
>
> George
> --
> theall at tenablesecurity.com
>


More information about the VIM mailing list