[VIM] True: XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability

George A. Theall theall at tenablesecurity.com
Wed Jun 13 17:55:00 UTC 2007

On 06/13/07 13:52, Steven M. Christey wrote:

> Is authentication controlled by a variable setting?  If so, then maybe an
> exploit could be made to overwrite that variable and bypass
> authentication, too.

The authentication check happens before GPC variables are extracted.

theall at tenablesecurity.com

More information about the VIM mailing list