[VIM] Source verify of mg.applanix RFI
Steven M. Christey
coley at mitre.org
Wed Dec 6 17:23:26 EST 2006
whoops, looks like that Bugtraq post was a couple days after a milw0rm
post:
http://www.milw0rm.com/exploits/2794
which included two more vectors.
1) act/act_check_access.php : verified
require( $apx_root_path.'db/access_rights.php' );
is the first statement in the program.
2) dsp/dsp_form_booking_ctl.php : verified
require( $apx_root_path.'qry/qry_form_customer.php' );
is the second statement in the program, coming after an unrelated
assignment.
And, well, you can download the code to find a bunch more vectors,
too.
- Steve
More information about the VIM
mailing list