[VIM] true: 1024 CMS LFI: fun protection scheme failure

Steven M. Christey coley at mitre.org
Fri May 4 00:26:47 UTC 2007

Ref: MILW0RM:3832
Researcher: Dj7xpl

This manipulation caught the eye of one of our analysts:


Is "../uploads/" really needed?

Turns out that it *is* needed (or anything of length 11):

  //Prevent hacker attacks
  $path = "../uploads/";
  $filename = substr($_GET['item'], 11);
  $filename = $path.$filename;

Hmmm, "../uploads/" is length 11!



It's not clear to me what attack the programmer was trying to prevent
here, but it's interesting.  To me anyway ;-)

- Steve

More information about the VIM mailing list