[VIM] Pluck Local File Inclusion
George A. Theall
theall at tenablesecurity.com
Mon Jul 14 19:40:47 UTC 2008
Has anyone looked at the advisory about local file include issues in
Pluck (BID 30218 / http://archives.neohapsis.com/archives/bugtraq/2008-07/0106.html)?
It seems like the issues aren't generally exploitable if you call
the affected script directly since the directories embedded in calls
to include() -- "data/inc/lang", "data/content", and "data/blog" --
are located at the base of the application's install directory rather
than under "data/inc/themes". Or do I just misunderstand how PHP sets
the current working directory when calling a script?
George
--
theall at tenablesecurity.com
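
The path-resolution question raised above can be checked locally with the PHP sketch below. It is an added example, not part of the original post and not Pluck's code. The files `theme.php` and `en.php` are hypothetical stand-ins in a constructed temporary tree, and `chdir()` stands in for a web SAPI starting the requested script in its own directory (an assumption about the deployment).

```php
<?php
// Constructed layout reusing the directory names quoted in the post.
$root = sys_get_temp_dir() . '/pluck_demo_' . getmypid();
mkdir("$root/data/inc/lang", 0700, true);
mkdir("$root/data/inc/themes", 0700, true);
file_put_contents("$root/data/inc/lang/en.php", "<?php return 'lang loaded';");

// Hypothetical theme script: its include() path is relative to the
// application base, not to the directory the script itself lives in.
file_put_contents("$root/data/inc/themes/theme.php",
    "<?php return @include 'data/inc/lang/en.php';");

// With include_path set to ".", a relative include is tried against the
// current working directory and then the including file's own directory.
set_include_path('.');

function run_from(string $cwd, string $script): string
{
    chdir($cwd);               // simulate the working directory the SAPI would set
    $result = include $script; // absolute path, so only the nested include is relative
    return $result === false ? 'include failed' : $result;
}

$theme = "$root/data/inc/themes/theme.php";

// Entered through a script at the application base: the relative path resolves.
echo "cwd = application base : ", run_from($root, $theme), "\n";

// Script requested directly: cwd is data/inc/themes, so PHP looks for
// data/inc/themes/data/inc/lang/en.php, which does not exist.
echo "cwd = data/inc/themes  : ", run_from("$root/data/inc/themes", $theme), "\n";

// Remove the constructed tree.
chdir(sys_get_temp_dir());
unlink("$root/data/inc/lang/en.php");
unlink($theme);
foreach (['data/inc/lang', 'data/inc/themes', 'data/inc', 'data', ''] as $dir) {
    rmdir("$root/$dir");
}
```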