[VIM] true: firefly RFI, both doc_root and DOCUMENT_ROOT

Steven M. Christey coley at mitre.org
Wed May 2 16:47:40 UTC 2007


Researcher: Alkomandoz Hacker
Ref: http://www.milw0rm.com/exploits/3805

localize.php has:

    default :
     include $doc_root."/modules/admin/include/en.all_messages.php";
     include $doc_root."/modules/admin/include/en.all_messages2.php";

config.php has:

   include $doc_root."/modules/admin/include/applid.php";
   include $doc_root."/modules/admin/include/admin_sql.php";
   include $doc_root."/modules/admin/include/admin_displays.php";
   include $doc_root."/include/grant.php";
   include $doc_root."/modules/admin/include/localize.php";


Ref: FRSIRT:ADV-2007-1554

This reference mentions a separate DOCUMENT_ROOT vector in config.php,
and sure enough:

   include $DOCUMENT_ROOT."/config.php";


- Steve
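
An added example, not part of the original post or of the firefly code: a small Python audit helper that flags include/require statements whose path begins with a variable the same file has not assigned earlier, which is the pattern in the excerpts above. The sample inputs are constructed from the quoted lines, the `dirname(__FILE__)` assignment in the second sample is an assumed fix, and the function name is hypothetical.

```python
import re

# include/require (optionally _once) whose path expression starts with a variable
INCLUDE_RE = re.compile(
    r'\b(?:include|require)(?:_once)?\s*\(?\s*\$([A-Za-z_][A-Za-z0-9_]*)')
# plain assignment "$name =" (not "==" and not the array arrow "=>")
ASSIGN_RE = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)\s*=(?![=>])')


def find_unassigned_includes(php_source):
    """Return [(line_no, variable)] for each include whose leading variable
    has no assignment earlier in the same file.

    Heuristic only: it does not follow other includes, functions or
    define(), and it reports superglobals such as $_GET as well."""
    assigned = set()
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        if line.strip().startswith(('//', '#', '*', '/*')):
            continue  # skip whole-line comments
        # Order assignments and includes by position so that
        # "$r = ...; include $r..." on one line is not reported.
        events = [(m.start(), 'assign', m.group(1))
                  for m in ASSIGN_RE.finditer(line)]
        events += [(m.start(), 'include', m.group(1))
                   for m in INCLUDE_RE.finditer(line)]
        for _, kind, name in sorted(events):
            if kind == 'assign':
                assigned.add(name)
            elif name not in assigned:
                findings.append((line_no, name))
    return findings


# Constructed sample built from the lines quoted in the post.
SAMPLE_VULNERABLE = r'''<?php
include $DOCUMENT_ROOT."/config.php";
include $doc_root."/modules/admin/include/applid.php";
include $doc_root."/include/grant.php";
'''

# Constructed sample: same includes, with the base path set in the file (assumed fix).
SAMPLE_FIXED = r'''<?php
$doc_root = dirname(__FILE__);
include $doc_root."/modules/admin/include/applid.php";
include $doc_root."/include/grant.php";
'''

if __name__ == '__main__':
    for line_no, name in find_unassigned_includes(SAMPLE_VULNERABLE):
        print("line %d: include path starts with unassigned $%s" % (line_no, name))
```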

