[VIM] true: firefly RFI, both doc_root and DOCUMENT_ROOT
str0ke
str0ke at milw0rm.com
Wed May 2 17:47:19 UTC 2007
Doesn't $DOCUMENT_ROOT default to $_SERVER[DOCUMENT_ROOT]; when
register globals = on? At least it does on my php4 / php5 test boxes.
/str0ke
On 5/2/07, Steven M. Christey <coley at mitre.org> wrote:
>
> Researcher: Alkomandoz Hacker
> Ref: http://www.milw0rm.com/exploits/3805
>
> localize.php has:
>
> default :
> include $doc_root."/modules/admin/include/en.all_messages.php";
> include $doc_root."/modules/admin/include/en.all_messages2.php";
>
> config.php has:
>
> include $doc_root."/modules/admin/include/applid.php";
> include $doc_root."/modules/admin/include/admin_sql.php";
> include $doc_root."/modules/admin/include/admin_displays.php";
> include $doc_root."/include/grant.php";
> include $doc_root."/modules/admin/include/localize.php";
>
>
> Ref: FRSIRT:ADV-2007-1554
>
> This reference mentions a separate DOCUMENT_ROOT vector in config.php,
> and sure enough:
>
> include $DOCUMENT_ROOT."/config.php";
>
>
> - Steve
>
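An added example, not part of the original thread or of Firefly's code: a small audit helper that flags `include`/`require` statements whose path starts with a variable the same file never assigns beforehand, which is the pattern in the lines quoted above. With register_globals on, a variable that is never assigned can be populated from outside the script. The two sample files, the `dirname(__FILE__)` assignment and the function name `audit_includes` are constructed for illustration.

```python
import re

# include/require whose path expression starts with a plain variable, e.g.
#   include $doc_root."/include/grant.php";
INCLUDE_RE = re.compile(
    r'\b(?:include|require)(?:_once)?\s*\(?\s*\$([A-Za-z_]\w*)', re.IGNORECASE)
# plain assignment "$name = ..." (excludes "==" comparisons and "=>" array arrows)
ASSIGN_RE = re.compile(r'\$([A-Za-z_]\w*)\s*=(?![=>])')

# Constructed sample modelled on the include lines quoted in the thread.
SAMPLE_VULNERABLE = '''<?php
include $DOCUMENT_ROOT."/config.php";
include $doc_root."/include/grant.php";
include $doc_root."/modules/admin/include/localize.php";
'''

# Constructed variant: the base path is assigned in the file before any include.
SAMPLE_PINNED = '''<?php
$doc_root = dirname(__FILE__);
include $doc_root."/include/grant.php";
require_once($doc_root."/modules/admin/include/localize.php");
'''


def audit_includes(php_source):
    """Return (line_no, variable) for each include/require whose leading
    variable has no assignment earlier in the same source text."""
    first_assign = {}
    for m in ASSIGN_RE.finditer(php_source):
        first_assign.setdefault(m.group(1), m.start())
    findings = []
    for m in INCLUDE_RE.finditer(php_source):
        var = m.group(1)
        # Flag when the variable is never assigned, or only assigned afterwards.
        if first_assign.get(var, len(php_source)) > m.start():
            line_no = php_source.count("\n", 0, m.start()) + 1
            findings.append((line_no, var))
    return findings


if __name__ == "__main__":
    for name, src in (("vulnerable", SAMPLE_VULNERABLE), ("pinned", SAMPLE_PINNED)):
        print(name, audit_includes(src))
```

This is a single-file heuristic: it does not follow includes, so a variable set by a parent script is still reported and needs manual review.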