[VIM] osTicket 1.6 - Local File Inclusion

Steven M. Christey coley at linus.mitre.org
Tue Nov 9 17:40:23 CST 2010


It would be good if Exploit-DB followed the practices that str0ke did with 
milw0rm (on CVE and OSVDB's request) by leaving some kind of note about 
what happened with the entry, instead of deleting it outright.  This helps 
when you run across a broken URL 6 months later and you wonder if you had 
a typo or a duplicate or whatever.

- Steve


On Tue, 9 Nov 2010, Steve Tornio wrote:

> On Tue, Nov 9, 2010 at 8:26 AM, George A. Theall <theall at tenable.com> wrote:
>> Bugtraq ID 44739 / Exploit DB 15471 cover a local file inclusion issue
>> reported by d3v11 and affecting the 'module.php' script in osTicket 1.6. The
>> sample PoC SecurityFocus gives is:
>
> Exploit-DB yanked this one a little while ago. Apparently, it was
> approved in error.
>
>>
>> Btw, the EDB advisory says the issue's been verified. What exactly does that
>> mean? Who's verified the vulnerability and how was it done?
>>
>


More information about the VIM mailing list