[VIM] Dispute of GeoBB RFI
Steven M. Christey
coley at mitre.org
Wed Jan 10 19:53:37 EST 2007
Researcher: ShaFuq31
Ref: GeoBB Georgian Bulletin Board Remote File Include Vuln.
http://www.securityfocus.com/archive/1/archive/1/456251/100/0/threaded
Claim:
require($action.'.php');
In the Public First Release recent version - and the only one
available since December 2006, apparently:
http://sourceforge.net/project/showfiles.php?group_id=184089
we have some whitelisting of the intended action, which enters the
program as $a:
if (!isset($a) ||
!in_array($a, array ('login','logout','register','vforum','vtopic','forgotpass','usercp',
'editpost','delpost','toggletopic','movetopic','deltopic','edittopic',
'forumjump','member','search', 'viewip')))
$action = 'board';
else
$action = $a;
So, any use of $action on the URL is set to a whitelisted value at
this point.
- Steve
More information about the VIM
mailing list