[VIM] weird: YaPig 0.95b RFI on milw0rm
str0ke
str0ke at milw0rm.com
Fri May 4 01:31:20 UTC 2007
Check it now.
/str0ke
On 5/3/07, Steven M. Christey <coley at mitre.org> wrote:
>
> str0ke,
>
> milw0rm 3834 doesn't seem to be an exploit, it's just a verbatim copy
> of the file add_comment.php, as I obtained from yapig 0.95b download
> at http://sourceforge.net/project/showfiles.php?group_id=93674
>
> Surface-level analysis might indicate file overwriting or RFI related
> to BASE_DIR or TEMPLATE_DIR, but those variables are defined to
> constant values in config.php.
>
> Any clarification?
>
> - Steve
>
More information about the VIM
mailing list