[VIM] Free Articles Directory - file inclusion, code execution?

security curmudgeon jericho at attrition.org
Wed Mar 22 05:45:03 EST 2006


Original disclosure isn't very clear, but the sample looks like it is 
passing arbitrary commands to be executed:

   http://[target]/index.php?page=evilcode?&cmd=uname -a


Secunia is calling this local/remote file inclusion. Clarification or 
different issue?
