[VIM] Igloo DoublSpeak vuln

Sullo sullo at cirt.net
Sun Jul 23 11:31:05 EDT 2006



Since this guy posted
(http://archives.neohapsis.com/archives/bugtraq/2006-06/0184.html) I
checked out the source and confirmed he's right. The "advisory" author
didn't bother to read more source or, I bet, even try it...

>From index.php:
    require 'config.inc';
    require $config[private].'/storyfun.inc';
    require $config[private].'/local.inc';

Looks vuln, maybe?  Except in the config.inc it says:
  'private' => '/www/mrpenguin.org/devel/private',

So...  I don't see a path for exploit.

Now, if config.inc is in your web root... that's a different problem as
it has your mysql db connection info it.  Also, I think the scripts
relies on register globals as I see a lot of values being used in SQL
that aren't defined and don't have any input validation on them... you
know what that means--but I don't have time right now to dig into this



http://www.cirt.net/      |     http://www.osvdb.org/

More information about the VIM mailing list