[VIM] Dispute of GeoBB RFI

Steven M. Christey coley at mitre.org
Wed Jan 10 19:53:37 EST 2007


Researcher: ShaFuq31

Ref: GeoBB Georgian Bulletin Board Remote File Include Vuln.
     http://www.securityfocus.com/archive/1/archive/1/456251/100/0/threaded

Claim:

  require($action.'.php');

In the Public First Release recent version - and the only one
available since December 2006, apparently:

  http://sourceforge.net/project/showfiles.php?group_id=184089

we have some whitelisting of the intended action, which enters the
program as $a:

   if (!isset($a) ||
       !in_array($a, array ('login','logout','register','vforum','vtopic','forgotpass','usercp',
                            'editpost','delpost','toggletopic','movetopic','deltopic','edittopic',
                            'forumjump','member','search', 'viewip')))
     $action = 'board';
   else
     $action = $a;


So, any use of $action on the URL is set to a whitelisted value at
this point.


- Steve


More information about the VIM mailing list