[VIM] Bogus: mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability

str0ke str0ke at milw0rm.com
Mon Oct 1 01:35:17 UTC 2007


Check out where the /* starts and */ ends.  Must have been a coding
mistake but the vulnerability is there.

/str0ke

George A. Theall wrote:
> Milw0rm 4470 / Bugtraq 25866 seems bogus to me -- looking at the copy
> of contrib/mx_glance_sdesc.php included in
> http://www.mx-system.com/modules/mx_pafiledb/dload.php?action=download&file_id=336
> shows this:
>
>                           ---- snip, snip, snip ----
> <?php
> /**
> *
> * @package mxBB Portal Module - mx_glance
> * @version $Id: mx_glance.php,v 2.3.3 2007/01/31 11:58:22 OryNider Exp $
> ...
> if( !defined('IN_PORTAL') || !is_object($mx_block))
> {
>         die("Hacking attempt");
> }
>                           ---- snip, snip, snip ----
>
> So direct calls to the affected script will fail.
>
>
> George
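
Added example (not part of either message, and not the module's own code): a small Python check that strips PHP comments and reports whether the `IN_PORTAL` guard is still live code, which is the point in dispute in this thread. The `DEAD` and `LIVE` samples are constructed, the function names are hypothetical, and heredocs and inline HTML are not handled.

```python
import re

GUARD = re.compile(r"defined\s*\(\s*['\"]IN_PORTAL['\"]\s*\)")

def strip_php_comments(src):
    """Return src with /* */, // and # comments removed; string literals kept.
    Simplification: heredoc/nowdoc and inline HTML are not handled."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":                      # quoted string: copy verbatim
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):        # block comment, may span many lines
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif src.startswith("//", i) or ch == "#":   # line comment
            end = src.find("\n", i)
            i = n if end == -1 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def guard_is_live(src):
    """True only if the IN_PORTAL check survives comment stripping."""
    return bool(GUARD.search(strip_php_comments(src)))

# Constructed samples, not the module's real source.
DEAD = """<?php
/**
* @package example
if( !defined('IN_PORTAL') || !is_object($mx_block)) { die("Hacking attempt"); }
*/
echo 'module body';
"""
LIVE = """<?php
/**
* @package example
*/
if( !defined('IN_PORTAL') || !is_object($mx_block)) { die("Hacking attempt"); }
"""

if __name__ == "__main__":
    print("DEAD guard live:", guard_is_live(DEAD), "| LIVE guard live:", guard_is_live(LIVE))
```

Reading the guard in a text snippet is not enough to conclude it executes; the check has to be made on the code that remains once comments are removed.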

