[VIM] Possibly Bogus: Seditio v121 (plug.php h) Remote File Disclosure Vulnerability

George A. Theall theall at tenablesecurity.com
Sat May 12 01:19:37 UTC 2007

I *think* milw0rm 3904 is bogus. The problem is that various parameters, 
including 'h', are sanitized at the start of 
'system/core/plug/plug.inc.php' of non-alphanumeric characters via calls 
to sed_import(), effectively removing directory traversal sequences. The 
PoC definitely doesn't work on an install I have of v110, and the code 
seems much the same in v121. Still, it's late so perhaps I'm just 
overlooking something. Anyone else?

theall at tenablesecurity.com
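As an added illustration (not Seditio's code, and not from the post above) of why an alphanumeric whitelist defeats the kind of traversal payload milw0rm 3904 relies on: `import_alnum()` and `plugin_path()` below are hypothetical stand-ins modelling the behaviour described, namely a parameter reduced to `[A-Za-z0-9]` before it is used to build a file name. The inputs are constructed.

```php
<?php
// Added example: models a loader that strips non-alphanumeric characters
// from the 'h' parameter before building a file path. Hypothetical code,
// not taken from Seditio or from sed_import().
declare(strict_types=1);

// Hypothetical stand-in for an alphanumeric-only import: every character
// outside [A-Za-z0-9] is removed, so '.', '/', '%' and NUL cannot survive.
function import_alnum(string $value): string
{
    return preg_replace('/[^A-Za-z0-9]/', '', $value);
}

// Stricter variant a practitioner might prefer: reject anything that the
// whitelist would have altered instead of silently repairing it.
function import_alnum_strict(string $value): ?string
{
    return import_alnum($value) === $value ? $value : null;
}

// Hypothetical path construction for a plug.php-style loader.
function plugin_path(string $base, string $h): string
{
    return $base . '/' . import_alnum($h) . '.php';
}

// Constructed inputs: one legitimate plugin name, then the shapes a
// file-disclosure PoC would try. PHP already URL-decodes $_GET, so the
// %2F form is what a double-encoded request would arrive as.
$payloads = [
    'forums',
    '../../../../etc/passwd',
    '..%2F..%2Fetc%2Fpasswd',
    "../..//etc/passwd\0",
];

foreach ($payloads as $p) {
    $strict = import_alnum_strict($p);
    printf(
        "%-26s -> %-28s strict: %s\n",
        addcslashes($p, "\0"),
        plugin_path('plugins', $p),
        $strict === null ? 'rejected' : 'accepted'
    );
}
```

Every traversal payload collapses to a flat name such as `plugins/etcpasswd.php`, which is why a `../` based PoC cannot reach outside the plugin directory once such a filter runs first. The strict variant is the check worth adding when auditing a loader like this: if the sanitized value differs from the raw one, the request was tampered with and can be refused outright.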
