[VIM] smells false: phpFreeLog RFI

Steven M. Christey coley at mitre.org
Sat Oct 6 16:35:47 UTC 2007

Researcher: KUZ3Y (labeled as "Vendor")


This line is quoted:

  include_once $this->var_dir.$var.'.php';

with this exploit:


First of all, $var_dir is defined to a constant path, so RFI doesn't
look possible.

Secondly, the include_once call is in a class definition, wrapped
within a foreach:

  foreach ($var_types as $var) {

which would overwrite $var.

And, this is within a read_mod() method that appears to be called with
uncontrollable data, but I'm not 100% clear on that.

- Steve
