[VIM] PHP-Fusion Local File Inclusion Vulnerability

George A. Theall theall at tenable.com
Mon Aug 16 09:05:31 CDT 2010

Exploit DB 14647 / Bugtraq 42456 cover a supposed local file include  
vulnerability in PHP-Fusion (possibly just an Arabic-language  
version). An attacker reportedly calls the maincore.php file directly  
and uses the 'folder_level' parameter to control which file is  
included. That's the theory, at least. Here's the snippet of code  
quoted by MoDaMeR in the advisory:

    // Locate config.php and set the basedir path
   $folder_level = ""; $i = 0;
   while (!file_exists($folder_level."config.php")) {
       $folder_level .= "../"; $i++;
       if ($i == 5) { die("Config file not found"); }
   require_once $folder_level."config.php";
   define("BASEDIR", $folder_level);

'$folder_level' is hardcoded as one or more directory traversal  
sequences. It doesn't look exploitable to me, at least as MoDaMeR  

theall at tenablesecurity.com

More information about the VIM mailing list