[VIM] weird: YaPig 0.95b RFI on milw0rm
Steven M. Christey
coley at mitre.org
Thu May 3 22:58:51 UTC 2007
str0ke,

milw0rm 3834 doesn't seem to be an exploit, it's just a verbatim copy
of the file add_comment.php, as I obtained from yapig 0.95b download
at http://sourceforge.net/project/showfiles.php?group_id=93674

Surface-level analysis might indicate file overwriting or RFI related
to BASE_DIR or TEMPLATE_DIR, but those variables are defined to
constant values in config.php.

Any clarification?

- Steve