[VIM] true: Galmeta Post 0.11 RFI
Steven M. Christey
coley at mitre.org
Thu Oct 18 19:38:00 UTC 2007
Ref: http://arfis.wordpress.com/2007/09/13/rfi-02-galmeta-post/
Context: One of our analysts is looking at arfis posts as time allows.
Their record is about 50/50 in terms of disputes.
In this case, the line quoted in the disclosure is the first
executable line:
    require_once ( $DDS . '../adodb_lite/adodb.inc.php');
The distribution has a .htaccess with a RewriteRule
^([a-zA-Z0-9_\/\-\!\~]*(\&.*)?)$ index.php?$1 that might suggest
protection against direct request, but it's only intended to take odd
URLs without "." characters and post them to index.php.
- Steve
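
The RewriteRule observation above can be checked mechanically. The following is an added example, not part of the original post or of the Galmeta Post distribution: it applies the quoted pattern the way mod_rewrite does in .htaccess context (an assumption stated in the code) to a few constructed request paths, and lists the ones the rule leaves alone. The function names and sample paths are hypothetical.

```python
import re

# Pattern and substitution exactly as quoted in the post.
PATTERN = re.compile(r'^([a-zA-Z0-9_\/\-\!\~]*(\&.*)?)$')
SUBSTITUTION = 'index.php?$1'

# Constructed sample request paths (not taken from the distribution).
SAMPLE_PATHS = [
    '/about',
    '/gallery/2007',
    '/post&id=3',
    '/inc/example.php',
    '/index.php',
]


def apply_rule(request_path):
    """Return the rewritten target, or None when the rule does not match.

    Assumption: per-directory (.htaccess) semantics, where mod_rewrite tests
    the path relative to the directory, without the leading slash and
    without the query string.
    """
    rel = request_path.lstrip('/').split('?', 1)[0]
    m = PATTERN.match(rel)
    if m is None:
        return None  # no rewrite: the web server serves the file as requested
    return SUBSTITUTION.replace('$1', m.group(1))


def directly_reachable(paths):
    """Paths the rule does not touch, i.e. still open to direct request."""
    return [p for p in paths if apply_rule(p) is None]


if __name__ == '__main__':
    for path in SAMPLE_PATHS:
        print(path, '->', apply_rule(path) or 'served directly')
```

Any path containing "." before an "&" falls outside the character class, so requests for individual .php files are never routed through index.php by this rule.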