[VIM] FALSE -> DynamicPAD HomeDir RFI
str0ke
str0ke at milw0rm.com
Tue May 8 19:16:51 UTC 2007
Ahh, I'm caching the old .tar; here is the vulnerable version that was
downloaded on my end.
/str0ke
On 5/8/07, str0ke <str0ke at milw0rm.com> wrote:
> I'm lost on both of your emails!
>
> On 5/8/07, Steven M. Christey <coley at linus.mitre.org> wrote:
> >
> > On Tue, 8 May 2007, str0ke wrote:
> >
> > > I don't have the source code to go back over 1.02 but it did seem
> > > vulnerable before.
>
> The source code can be accessed at
>
> http://dynamicpad.org/dp.tar.gz
>
> The files are marked as 2006 just as the release. I tested by
> downloading the source from the url and by clicking on the download
> from the page which matched up.
>
> 28 Apr 2006. Version 1.02 released. From now on DynamicPAD should
> install and work smoothly on Windows+IIS servers. Also several
> bugfixes have been made.
>
> And the vulnerability report from the author of the product.
>
> 8 May 2007. A dangerous vulnerability has been detected in DynamicPAD
> 1.02. We strongly suggest that you upgrade to the latest version as
> soon as possible!
>
> head index.php
> <?php
> $AfterLogin = "index.php";
>
> require_once( $HomeDir."dp_conf.php" );
>
> head dp_logs.php
> $AfterLogin = "dp_logs.php";
>
> require_once( $HomeDir."dp_conf.php" );
> require_once( $HomeDir."phemplate.class.php" );
> require_once( $HomeDir."pager.php" );
>
> ?
>
> /str0ke
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dp.tar
Type: application/x-tar
Size: 122880 bytes
Desc: not available
Url : http://www.attrition.org/pipermail/vim/attachments/20070508/059b67e7/attachment-0001.tar
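As an added example (not part of this thread or of DynamicPAD's own code), a small Python audit script for the pattern quoted above: it flags include/require statements whose path is prefixed by a variable that is never assigned earlier in the same file, which is what lets a request-supplied `$HomeDir` (via register_globals) turn `require_once( $HomeDir."dp_conf.php" )` into a remote file inclusion. The sample sources are constructed to mirror the quoted heads of index.php and dp_logs.php; the hardened variant is an assumption for illustration, not the vendor's fix.

```python
import re

# Constructed sample mirroring the quoted head of DynamicPAD 1.02 index.php:
# $HomeDir is used as an include prefix without ever being assigned.
VULNERABLE_SRC = '''<?php
$AfterLogin = "index.php";

require_once( $HomeDir."dp_conf.php" );
'''

# Constructed sample mirroring the quoted head of dp_logs.php (three includes).
LOGS_SRC = '''<?php
$AfterLogin = "dp_logs.php";

require_once( $HomeDir."dp_conf.php" );
require_once( $HomeDir."phemplate.class.php" );
require_once( $HomeDir."pager.php" );
'''

# Assumed hardened variant: the prefix is derived from the script's own
# location before any include, so request data can no longer define it.
HARDENED_SRC = '''<?php
$HomeDir = dirname(__FILE__) . "/";
$AfterLogin = "index.php";

require_once( $HomeDir."dp_conf.php" );
'''

# include/require[_once] whose first path token is a PHP variable
INCLUDE_RE = re.compile(r'\b(?:require|include)(?:_once)?\s*\(?\s*\$(\w+)')
# plain assignment "$name = ..." (excludes "==" comparisons)
ASSIGN_RE = re.compile(r'\$(\w+)\s*=[^=]')


def unassigned_include_vars(src):
    """Return [(line_no, var)] for every include/require whose path starts
    with a variable not assigned on an earlier line of the same file.
    Superglobals such as $_GET are reported too, since they are tainted."""
    findings, assigned = [], set()
    for lineno, line in enumerate(src.splitlines(), 1):
        for m in INCLUDE_RE.finditer(line):
            if m.group(1) not in assigned:
                findings.append((lineno, m.group(1)))
        for m in ASSIGN_RE.finditer(line):
            assigned.add(m.group(1))
    return findings


if __name__ == "__main__":
    for name, src in [("index.php", VULNERABLE_SRC), ("dp_logs.php", LOGS_SRC),
                      ("hardened", HARDENED_SRC)]:
        print(name, unassigned_include_vars(src))
```

The same scan run over a real tree (one file at a time) only catches the single-file case; a prefix assigned in a separately included config file needs cross-file tracking, which this script deliberately does not attempt.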