[VIM] Slooze PHP Web Photo Album v0.2.7 Command Execution Vulnerability
George A. Theall
theall at tenablesecurity.com
Mon May 10 18:14:46 UTC 2010
Exploit DB 12515 / Bugtraq 39948 looks bogus to me. Sn!pEr.S!Te
hacker's advisory has this:
system('del "' . $this->cachePath . $file . '"'); /* Windows
platforms */
line :1003
Yet if you look at the actual code, either linked in via the Exploit
DB advisory or in version 0.2.7 from SourceForge directly, here's what
you find around that line:
/* private: clear the cache */
function cacheClear() {
if ($handle = opendir($this->cachePath)) {
while ($file = readdir($handle)) {
/* if is cache file */
if(ereg('.+\.tmp$', $file)) {
unlink($this->cachePath . $file);
// system('del "' . $this->cachePath . $file . '"'); /*
Windows platforms */
}
}
closedir($handle);
}
}
Looking at the larger snippet, it doesn't look exploitable as Sn!pEr.S!
Te hacker suggests, does it?
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list