[VIM] Possibly Bogus: Seditio v121 (plug.php h) Remote File Disclosure Vulnerability

George A. Theall theall at tenablesecurity.com
Sat May 12 01:19:37 UTC 2007


I *think* milw0rm 3904 is bogus. The problem is that various parameters, 
including 'h', are sanitized at the start of 
'system/core/plug/plug.inc.php' of non-alphanumeric characters via calls 
to sed_import(), effectively removing directory traversal sequences. The 
PoC definitely doesn't work on an install I have of v110, and the code 
seems much the same in v121. Still, it's late so perhaps I'm just 
overlooking something. Anyone else?

George
-- 
theall at tenablesecurity.com
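
Added example, not part of the original post and not Seditio's code: a sketch of why stripping non-alphanumeric characters from a parameter such as 'h' leaves nothing of a directory traversal sequence. `alnum_only()` is a hypothetical stand-in for the filtering the post attributes to sed_import(); the directory layout, the inputs and the extra realpath() containment check are assumptions of the example.

```php
<?php
// Added illustration, not Seditio source. alnum_only() is a hypothetical
// stand-in for the alphanumeric filtering the post attributes to sed_import().
function alnum_only(string $value): string
{
    return preg_replace('/[^a-zA-Z0-9]/', '', $value) ?? '';
}

// Resolve a request value to a file under $baseDir, or null if it does not
// name an existing file there. The realpath() containment check is defence in
// depth and an assumption of this example, not something the post describes.
function resolve_plugin_file(string $baseDir, string $raw): ?string
{
    $name = alnum_only($raw);
    if ($name === '') {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed layout: one legitimate file inside the plugin directory and one
// file outside it that must never be reachable.
$root = sys_get_temp_dir() . '/plugdemo_' . getmypid();
mkdir($root . '/plugins', 0700, true);
file_put_contents($root . '/plugins/help.php', "<?php // plugin\n");
file_put_contents($root . '/secret.php', "<?php // outside plugin dir\n");

// Constructed inputs, not the PoC from the advisory.
$inputs = ['help', '../secret', '..\\secret', "help\0.txt", '%2e%2e%2fsecret', '....//secret'];
foreach ($inputs as $raw) {
    $hit = resolve_plugin_file($root . '/plugins', $raw);
    printf("%-18s -> %-12s %s\n", addcslashes($raw, "\0"), alnum_only($raw),
        $hit === null ? 'rejected' : 'plugins/' . basename($hit));
}

// Clean up the temporary files.
unlink($root . '/plugins/help.php');
unlink($root . '/secret.php');
rmdir($root . '/plugins');
rmdir($root);
```

Only the plain name `help` resolves; every other input collapses to a bare alphanumeric name that does not exist inside the plugin directory.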

