[VIM] Pluck 4.6.2 (langpref) Local File Inclusion Vulnerabilities

str0ke str0ke at milw0rm.com
Mon May 18 20:36:56 UTC 2009


Steven M. Christey wrote:
> While I'm sharing - add show_source and highlight_file to your list of
> dangerous LFI functions.  These are intended to perform syntax
> highlighting of PHP program files, but they let regular files through just
> fine.  CVE-2009-1653 / MILW0RM:8667 has this.  Does anybody know of any
> earlier vulnerability report of this function?
>
> - Steve
>   

Not sure on show_source, but the highlight_file function was listed in 2008.

http://milw0rm.com/exploits/5394
http://milw0rm.com/exploits/5420
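
Added example, not part of the original thread: a small source-audit check that treats show_source and highlight_file as file-read sinks alongside include/require, and flags calls whose argument contains a PHP variable. The function name, the sink list beyond the two functions named above, and the sample PHP lines are assumptions constructed for illustration.

```python
import re

# File-path sinks to audit. show_source is PHP's alias of highlight_file.
# Longer names come first so "include_once" is not matched as "include".
FILE_SINKS = ("include_once", "include", "require_once", "require",
              "highlight_file", "show_source")

# Sink name, optional "(", then the argument text up to the closing ")" / ";".
SINK_RE = re.compile(
    r"\b(" + "|".join(FILE_SINKS) + r")\b\s*\(?\s*([^;]*?)\s*\)?\s*;",
    re.IGNORECASE)

# Single-quoted PHP strings never interpolate variables, so ignore their contents.
SINGLE_QUOTED = re.compile(r"'[^']*'")


def find_variable_file_sinks(php_source):
    """Return (line_number, sink, argument) for sinks fed a non-constant path."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        # Rough handling of trailing // comments; a real audit needs a PHP tokenizer.
        code = line.split("//", 1)[0]
        for match in SINK_RE.finditer(code):
            sink, arg = match.group(1).lower(), match.group(2)
            # A "$" outside single quotes means a variable reaches the path.
            if "$" in SINGLE_QUOTED.sub("", arg):
                findings.append((lineno, sink, arg))
    return findings


# Constructed sample input (not taken from any real application).
SAMPLE = """<?php
highlight_file(__FILE__);
show_source($_GET['file']);
include 'lang/en.php';
include("lang/" . $lang . ".php");
echo highlight_file($page, true);
require_once 'config.php'; // show_source($x);
"""

if __name__ == "__main__":
    for lineno, sink, arg in find_variable_file_sinks(SAMPLE):
        print(f"line {lineno}: {sink}() called with variable path: {arg}")
```

Each hit is only a lead for manual review: whether the variable is attacker-controlled, and whether it is restricted to an allowlist before use, still has to be traced by hand.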


