[VIM] true: Galmeta Post 0.11 RFI

Steven M. Christey coley at mitre.org
Thu Oct 18 19:38:00 UTC 2007

Ref: http://arfis.wordpress.com/2007/09/13/rfi-02-galmeta-post/

Context: One of our analysts is looking at arfis posts as time allows.
Their record is about 50/50 in terms of disputes.

In this case, the line quoted in the disclosure is the first
executable line:

  require_once ( $DDS . .../adodb_lite/adodb.inc.php.);

The distribution has a .htaccess with a RewriteRule
^([a-zA-Z0-9_\/\-\!\~]*(\&.*)?)$ index.php?$1 that might suggest
protection against direct request, but it's only intended to take odd
URLs without "." characters and post them to index.php.

- Steve

More information about the VIM mailing list