[VIM] Free Articles Directory - file inclusion, code execution?
jzlatin at ramat.cc
Wed Mar 22 07:46:38 EST 2006
On Wed, 22 Mar 2006, security curmudgeon wrote:
> Original disclosure isn't very clear, but the sample looks like it is passing
> arbitrary commands to be executed:
> http://[target]/index.php?page=evilcode?&cmd=uname -a
> Secunia is calling this local/remote file inclusion. Clarification or
> different issue?
Looks to me like a clarification, meaning:
opens and runs the php script (note the following code in index.php
I was unable to run uname -a or any other command I tried via the cmd
command, but that is probably because the 'cmd' variable is defined as
the result of the following SQL query:
SELECT * FROM document_master where doc_title='".$_GET["pagedb"].
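The two weaknesses discussed in this thread are an include() driven by the page parameter and a doc_title lookup built by string concatenation of the pagedb parameter. The following is an added illustration of how both would be closed, written for this discussion; it is not code from the Free Articles Directory project. The names PAGE_MAP, resolvePage, fetchDocumentByTitle, the pages/*.php files and the database credentials are all assumptions for the example.

```php
<?php
// Added example, not the project's own index.php. It assumes the original
// passed $_GET['page'] to include() and concatenated $_GET['pagedb'] into
// the SELECT shown in the thread; both are replaced here.

declare(strict_types=1);

// Allowlist: request token -> file on disk. Only these files can ever be
// included, so a value like "evilcode?" or a remote URL is never a path.
const PAGE_MAP = [
    'home'    => 'pages/home.php',
    'article' => 'pages/article.php',
    'contact' => 'pages/contact.php',
];

function resolvePage(mixed $requested): string
{
    // $_GET values may be arrays (page[]=x); treat anything that is not a
    // known string token as the default page rather than as a filename.
    if (!is_string($requested) || !array_key_exists($requested, PAGE_MAP)) {
        return PAGE_MAP['home'];
    }
    return PAGE_MAP[$requested];
}

function fetchDocumentByTitle(mysqli $db, string $title): ?array
{
    // Parameterized query: the title is sent as a bound value, never as part
    // of the SQL text, so quotes inside $_GET['pagedb'] cannot change the
    // statement. get_result() requires the mysqlnd driver.
    $stmt = $db->prepare('SELECT * FROM document_master WHERE doc_title = ?');
    $stmt->bind_param('s', $title);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// --- request handling (placeholder credentials; replace with real config) ---
$db = new mysqli('DB_HOST_PLACEHOLDER', 'DB_USER_PLACEHOLDER',
                 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');

$doc = null;
if (isset($_GET['pagedb']) && is_string($_GET['pagedb'])) {
    $doc = fetchDocumentByTitle($db, $_GET['pagedb']);
}

// Include only the allowlisted file, anchored to this script's directory.
include __DIR__ . '/' . resolvePage($_GET['page'] ?? null);
```

The allowlist is the important part for the inclusion issue: no amount of path sanitising on a user-supplied filename is as robust as refusing to treat the parameter as a filename at all. For the query, the bound parameter removes the need to escape doc_title by hand.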