[VIM] true: Vistered Little 1.6a directory traversal

Steven M. Christey coley at mitre.org
Wed May 30 18:35:35 UTC 2007


Researcher: Mahmood_ali
Ref: http://www.milw0rm.com/exploits/3999

from common.css.php:

  if( isset( $_REQUEST[ 'skin' ] ) )
  {
  	$skin = $_REQUEST[ 'skin' ];
  }
  ...
  @readfile( $skin . '.css' );


Presumably, the exploit URL given in the milw0rm item would need a
trailing %00 byte.

- Steve
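
Added example, not part of the original post and not Vistered Little's own code: one way the `skin` parameter quoted above could be constrained before it reaches `readfile()`. The `skins` directory, the `default` skin name and the function name `resolve_skin_css` are assumptions made for illustration.

```php
<?php
// Added illustration. SKIN_DIR, DEFAULT_SKIN and resolve_skin_css() are
// hypothetical names, not taken from the application discussed above.
const SKIN_DIR = __DIR__ . '/skins';
const DEFAULT_SKIN = 'default';

/**
 * Map a requested skin name to a stylesheet path directly inside SKIN_DIR,
 * or return null if the name cannot be trusted.
 */
function resolve_skin_css($requested): ?string
{
    // Arrays (skin[]=x) and other non-strings are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Strict character allowlist: '/', '\', '.' and NUL cannot pass, so
    // neither "../" sequences nor a trailing %00 survive this check.
    if (preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested) !== 1) {
        return null;
    }
    // Defence in depth: the resolved file must exist and its real parent
    // directory must be SKIN_DIR (this also rejects symlinks pointing out).
    $base = realpath(SKIN_DIR);
    $path = realpath(SKIN_DIR . '/' . $requested . '.css');
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Read from $_GET only, and fall back to the default skin on any rejection.
$css = resolve_skin_css($_GET['skin'] ?? DEFAULT_SKIN)
    ?? resolve_skin_css(DEFAULT_SKIN);

if ($css === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: text/css');
readfile($css);   // no '@': a failure here should be logged, not hidden
```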

