[VIM] weird: YaPig 0.95b RFI on milw0rm

str0ke str0ke at milw0rm.com
Fri May 4 01:31:20 UTC 2007


Check it now.

/str0ke

On 5/3/07, Steven M. Christey <coley at mitre.org> wrote:
>
> str0ke,
>
> milw0rm 3834 doesn't seem to be an exploit, it's just a verbatim copy
> of the file add_comment.php, as I obtained from yapig 0.95b download
> at http://sourceforge.net/project/showfiles.php?group_id=93674
>
> Surface-level analysis might indicate file overwriting or RFI related
> to BASE_DIR or TEMPLATE_DIR, but those variables are defined to
> constant values in config.php.
>
> Any clarification?
>
> - Steve
>

