[VIM] weird: YaPig 0.95b RFI on milw0rm

str0ke str0ke at milw0rm.com
Fri May 4 01:31:20 UTC 2007

Check it now.


On 5/3/07, Steven M. Christey <coley at mitre.org> wrote:
> str0ke,
> milw0rm 3834 doesn't seem to be an exploit, it's just a verbatim copy
> of the file add_comment.php, as I obtained from yapig 0.95b download
> at http://sourceforge.net/project/showfiles.php?group_id=93674
> Surface-level analysis might indicate file overwriting or RFI related
> to BASE_DIR or TEMPLATE_DIR, but those variables are defined to
> constant values in config.php.
> Any clarification?
> - Steve

More information about the VIM mailing list