[VIM] FALSE -> DynamicPAD HomeDir RFI

str0ke str0ke at milw0rm.com
Tue May 8 13:32:01 UTC 2007


I don't have the source code to go back over 1.02 but it did seem
vulnerable before.

Their site states:
A dangerous vulnerability has been detected in DynamicPAD 1.02. We
strongly suggest that you upgrade to the latest version as soon as
possible!

/str0ke

On 5/8/07, Heinbockel, Bill <heinbockel at mitre.org> wrote:
> MILW0RM:3868
> SECUNIA:25176
> FRSIRT:ADV-2007-1681
> BID:23861
>
> The second line (before any use of $HomeDir) in index.php and
> dp_logs.php:
> >  require_once( "dp_conf.php" );
>
>
> The first lines in dp_conf.php read:
> >  Error_Reporting(0);
> >
> >  if ( file_exists( "dp_conf.php.inc" ) ) {
> >    include( "dp_conf.php.inc" );
> >  } else die( '<center>Unable to find dp_conf.php.inc</center>' );
>
>
> And, the third instruction in INSTALL.txt reads:
> > Rename "dp_conf.php.inc.default" into "dp_conf.php.inc" and
> > "dp_conf.dat.default" into "dp_conf.dat".
>
> Finally, of course, in the packaged dp_conf.php.inc.default file (line
> 12):
> >  $HomeDir           = "";
>
>
> So, if the user follows the installation instructions, there is no RFI.
> If the user forgets the "install", the software dies. No vulnerability.
>
>
> William Heinbockel
> Infosec Engineer, Sr.
> The MITRE Corporation
> 202 Burlington Rd. MS S145
> Bedford, MA 01730
> heinbockel at mitre.org
> 781-271-2615
>

