[VIM] verify Wikiwig wk_lang.php file inclusion

Steven M. Christey coley at mitre.org
Wed Jun 7 00:23:44 EDT 2006

ref: http://www.milw0rm.com/exploits/1883

Figured I'd check out the claims since Kacper has been showing up more

from the download for version 4_1, here is the relevant stuff from

   <?php
   // $WK is expected to be populated by the script that includes this file
   if(isset($WK)) {
       $dir_langs = $WK['wkPath'].$WK['systemDir'].'/lang/';
       $file_lang = $dir_langs.$WK['lang'].'.php';
       if(!@is_file($file_lang)){ // language file not available
           $WK['lang'] = 'fr'; // use default french
           require_once $dir_langs.$WK['lang'].'.php';
       } else { // retrieves language defs
           require_once $file_lang;
       }
   }

This code is at the top, so this file probably expects to be included
by other files.  A direct request with a modified $WK['wkPath'] seems

By the way - lately I've been suspecting that most PHP file inclusion
issues, and possibly other vulns we see so much in PHP apps, are
enabled by direct requests to files that were never intended to be
accessed directly.

- Steve
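A hardened form of the include pattern quoted above, written from a defender's view as an added example (this is not Wikiwig's code): it refuses direct requests and constrains $WK['lang'] to a fixed list before any value reaches require_once. The WK_LOADED guard constant, the wk_select_lang_file() helper and the allowed-language list are assumptions of this example, as is the rule that $WK['wkPath'] and $WK['systemDir'] are set only by the including script.

```php
<?php
// Added example, not Wikiwig's code. Assumes the including script does
// define('WK_LOADED', true) before requiring this file and sets
// $WK['wkPath'] / $WK['systemDir'] itself, never from the request.

// 1. Refuse direct requests: the file is only meaningful when included.
if (!defined('WK_LOADED')) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access not permitted');
}

// 2. Only a fixed list of language codes may become part of a file name
//    (constructed list for this example).
$allowed_langs = array('fr', 'en', 'de');

// Returns the resolved language file path, or false if nothing safe exists.
function wk_select_lang_file(array $wk, array $allowed, $default = 'fr')
{
    $lang = isset($wk['lang']) ? (string) $wk['lang'] : $default;
    if (!in_array($lang, $allowed, true)) { // strict compare, no coercion
        $lang = $default;                    // unknown input is never interpolated
    }
    $dir_langs = $wk['wkPath'] . $wk['systemDir'] . '/lang/';
    $file_lang = $dir_langs . $lang . '.php';

    // realpath() resolves ".." and symlinks and returns false for URL
    // wrappers, so a remote or out-of-tree path can never reach require_once.
    $real_dir  = realpath($dir_langs);
    $real_file = realpath($file_lang);
    if ($real_dir === false || $real_file === false
        || strpos($real_file, $real_dir . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $real_file;
}

$file_lang = wk_select_lang_file($WK, $allowed_langs);
if ($file_lang === false) {
    trigger_error('language file missing', E_USER_ERROR);
}
$WK['lang'] = basename($file_lang, '.php'); // record the language actually loaded
require_once $file_lang;
```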
