[VIM] Oddness - CoreNews 2.0.1 Remote Command Exucetion

George A. Theall theall at tenablesecurity.com
Mon Mar 13 21:15:00 EST 2006

Steven M. Christey wrote:

> Could this be a site-specific issue that is unrelated to CoreNews?  Or
> maybe there's a modified version that's also called "2.0.1" ?

There are a couple of addons for CoreNews available here:


The next-page and page-direktlinks hacks seem to add the functionality:


through changes to shownews.php. Also worth noting is the presence of an
eval() in the original source, although it seems like most of the mods
from these two addons occur *after* the eval. Then again,

> Or maybe there's only so much you can see from a casual source
> inspection :)

At least you have the source - <http://www.php-spezial.de/> isn't
working for me.

P.S. I'm new to the list and hope I'm not violating protocol by jumping
in like this.

theall at tenablesecurity.com

More information about the VIM mailing list