[VIM] true: AGENCY4NET WEBFTP directory traversal; deletion possible

Steven M. Christey coley at mitre.org
Fri Jan 4 00:14:01 UTC 2008

(Happy New Year, all!)

Ref: MILW0RM:4828
Researcher: TrYaG-TeaM [Tryag.com/cc]  (I guess)

download.php invokes download2.php with a file parameter, so
register_globals is assumed/required.  $file is not checked in the
"config.inc.php" that's included by download2.php.

download2.php later calls:


So, the impact also appears to be file deletion when permissions
allow.  Deletion was not mentioned in the original disclosure.

- Steve
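
Added example, not part of the original post and not WEBFTP's own code: one way a download handler can confine a user-supplied file name to a base directory before any read or delete. The function name `resolve_in_base`, the directory layout and the sample names are assumptions, constructed for the demo.

```php
<?php
// Added example: hypothetical hardened lookup, not code from WEBFTP.
declare(strict_types=1);

/**
 * Resolve a user-supplied name to an existing regular file inside $baseDir.
 * Returns the canonical path, or null when the name escapes $baseDir,
 * contains a NUL byte, or does not name a regular file.
 */
function resolve_in_base(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks before the check below.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Trailing separator so that /srv/ftp does not also match /srv/ftp-old.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed demo tree: one file inside the base directory, one outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'webftp_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/files', 0700, true);
file_put_contents($root . '/files/report.txt', 'inside');
file_put_contents($root . '/secret.txt', 'outside');

// In a real handler the name would be read explicitly, e.g. from $_GET['file'],
// so the code does not depend on register_globals creating $file.
foreach (['report.txt', '../secret.txt', 'missing.txt'] as $name) {
    $path = resolve_in_base($root . '/files', $name);
    // Any later readfile() or unlink() must use $path, never the raw name.
    printf("%-16s => %s\n", $name, $path === null ? 'rejected' : 'allowed');
}

// Remove the constructed demo tree.
unlink($root . '/files/report.txt');
unlink($root . '/secret.txt');
rmdir($root . '/files');
rmdir($root);
```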
