[VIM] true: firefly RFI, both doc_root and DOCUMENT_ROOT
Steven M. Christey
coley at linus.mitre.org
Wed May 2 19:13:04 UTC 2007
On Wed, 2 May 2007, str0ke wrote:
> Doesn't $DOCUMENT_ROOT default to $_SERVER[DOCUMENT_ROOT]; when
> register globals = on? At least it does on my php4 / php5 test boxes.

More stuff I didn't really know... thanks!

Works on my PHP 4.4.4...

I think FrSIRT sometimes monitors this list. Maybe they can clarify?

NOW... maybe $doc_root on config.php is wrong, too.

modules/admin/include/config.php has:

  include $DOCUMENT_ROOT."/config.php";
  include $doc_root."/modules/admin/include/applid.php";

So - if $DOCUMENT_ROOT is properly defined - it looks like this might
include the config.php in firefly's root directory, which has:

  $doc_root="/var/www/firefly";

BUT... as discussed in previous VIM posts... if the include with the
$DOCUMENT_ROOT fails, then the program continues anyway, and the $doc_root
isn't defined. So we definitely care about whether $DOCUMENT_ROOT can be
controlled or not.

localize.php is definitely still bad. The code I quoted is the default
for a top-level switch call without any preceding code.

- Steve
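
The include chain discussed in this message, modelled as an added example (not part of the original post and not firefly's code): a small Python tracer that follows `include $VAR."/path";` statements and reports every include whose path variable has no server-set value at that point, which is the condition the thread cares about when register_globals is on. The file contents are constructed from the three lines quoted above; the `trace` function, the `FILES` map and the document-root values passed in are assumptions for illustration.

```python
import re

# Handles only the statement shapes quoted in the post: include $VAR."/literal"; and $var="literal";
INCLUDE = re.compile(r'^\s*(include|require)(?:_once)?\s*\(?\s*\$(\w+)\s*\.\s*"([^"]*)"\s*\)?\s*;')
ASSIGN = re.compile(r'^\s*\$(\w+)\s*=\s*"([^"]*)"\s*;')

ROOT = "/var/www/firefly"  # value of $doc_root quoted in the post
ENTRY = ROOT + "/modules/admin/include/config.php"
FILES = {  # constructed sample tree built from the lines quoted in the post
    ENTRY: 'include $DOCUMENT_ROOT."/config.php";\n'
           'include $doc_root."/modules/admin/include/applid.php";\n',
    ROOT + "/config.php": '$doc_root="/var/www/firefly";\n',
    ROOT + "/modules/admin/include/applid.php": "",
}

def trace(files, entry, env):
    """Follow includes from entry; return (file, line, variable, reason) findings."""
    defined = dict(env)  # variables that hold a value set by the server or the code
    findings = []

    def run(path):
        for no, line in enumerate(files[path].splitlines(), 1):
            m = ASSIGN.match(line)
            if m:
                defined[m.group(1)] = m.group(2)
                continue
            m = INCLUDE.match(line)
            if not m:
                continue
            kind, var, suffix = m.groups()
            if var not in defined:
                # Simplification: any unset path variable is reported and tracing moves on
                findings.append((path, no, var, "undefined at include"))
                continue
            target = defined[var] + suffix
            if target in files:
                if not run(target):
                    return False
            elif kind == "include":
                # include only warns on failure, so later lines still execute
                findings.append((path, no, var, "include failed, script continues"))
            else:
                findings.append((path, no, var, "require failed, script halts"))
                return False
        return True

    run(entry)
    return findings

if __name__ == "__main__":
    for root in (ROOT, "/nonexistent"):
        print(root, trace(FILES, ENTRY, {"DOCUMENT_ROOT": root}))
```

With the document root resolving to firefly's directory the trace is clean; with any other value the first include fails and the second is reported with `$doc_root` undefined.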