Vendor dispute for CAN-2005-1181 (Ariadne PHP file include)

security curmudgeon jericho at attrition.org
Tue Jul 5 17:21:10 EDT 2005

: Vendor dispute for CAN-2005-1181.
: I downloaded the source code - still 2.4 - and verified that both 
: "ariadne.inc-unix" and "ariadne.inc-win" in the www directory - 
: presumably one of them is renamed to ariadne.inc on install - set the 
: $ariadne variable before any require/includes occur in loader.php.
: The original research was probably a grep-and-gripe.  Suddenly I feel 
: like writing an editorial on the apparent rise of grep-and-gripe 
: vulnerability reporting...

Well, I'm glad you checked this as the mail from the vendor to me was 
very confusing and conflicting in his wording.

I'll remove it from OSVDB today, or update it as myth/fake, and contact 
the vendor as well.


