[VIM] true: Vistered Little 1.6a directory traversal
str0ke
str0ke at milw0rm.com
Wed May 30 18:36:44 UTC 2007
Steven,
Added the %00 at the end, thanks for the catch.
/str0ke
On 5/30/07, Steven M. Christey <coley at mitre.org> wrote:
>
> Researcher: Mahmood_ali
> Ref: http://www.milw0rm.com/exploits/3999
>
> from common.css.php:
>
> if( isset( $_REQUEST[ 'skin' ] ) )
> {
> $skin = $_REQUEST[ 'skin' ];
> }
> ...
> @readfile( $skin . '.css' );
>
>
> Presumably, the exploit URL given in the milw0rm item would need a
> trailing %00 byte.
>
> - Steve
>
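A hardened replacement for the common.css.php pattern quoted above, added here as an example and not taken from the Vistered Little code; the ./skins directory layout and the skin-name pattern are assumptions:

```php
<?php
// Added example, not the Vistered Little code. Hardened form of the
// "$skin = $_REQUEST['skin']; readfile($skin . '.css');" pattern from the thread.
// Assumed layout: stylesheets live in ./skins/<name>.css.

const SKIN_DIR = __DIR__ . '/skins';

// Returns the absolute path of the stylesheet to serve, or null when the
// requested name is not an acceptable skin.
function resolveSkinPath(string $skin): ?string
{
    // PHP before 5.3.4 truncates a path at a NUL byte, which is what the
    // trailing %00 in the exploit relies on to drop the '.css' suffix.
    // Refuse it outright instead of trusting the suffix to constrain the file.
    if (strpos($skin, "\0") !== false) {
        return null;
    }
    // Bare skin names only: no '/', '\\' or '.', so '../' sequences and
    // absolute paths never reach the filesystem call.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $skin)) {
        return null;
    }
    $candidate = SKIN_DIR . '/' . $skin . '.css';
    $real = realpath($candidate);
    $base = realpath(SKIN_DIR);
    // realpath() returns false for a missing file and resolves symlinks;
    // the prefix check keeps the final path inside the skins directory.
    if ($real === false || $base === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

$requested = $_REQUEST['skin'] ?? 'default';
$path = is_string($requested) ? resolveSkinPath($requested) : null;
if ($path === null) {
    http_response_code(400);
    exit;
}
header('Content-Type: text/css');
readfile($path);
```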