[VIM] Possibly Bogus: Seditio v121 (plug.php h) Remote File Disclosure Vulnerability
George A. Theall
theall at tenablesecurity.com
Sat May 12 01:19:37 UTC 2007
I *think* milw0rm 3904 is bogus. The problem is that various parameters,
including 'h', are sanitized at the start of
'system/core/plug/plug.inc.php' of non-alphanumeric characters via calls
to sed_import(), effectively removing directory traversal sequences. The
PoC definitely doesn't work on an install I have of v110, and the code
seems much the same in v121. Still, it's late so perhaps I'm just
overlooking something. Anyone else?
George
--
theall at tenablesecurity.com