[VIM] ClanSys issue might be eval injection, not file inclusion
Steven M. Christey
coley at mitre.org
Tue May 2 17:31:42 EDT 2006
Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.
This looks like eval injection, not file inclusion, as most VDBs seem
to be claiming.
From the post:

  You can found vulnerable code at line 126 as an
  eval("?>" . $output);
  Purely nice coding isn't it?;)

That's a funny-looking eval to me with the "?>" starting out, but
presumably the $page variable feeds into $output.
Where people got tripped up on file inclusion was in the demonstration
Note that the page parameter actually uses PHP <?> sequences to
execute the include statement. Using the code above, we would have:

  eval("?>" . "<?include($s);?>");

Turns out that the leading "?>" is a hint to eval() to support parsing
of "<?" and "?>" sequences - otherwise you'd get a parse error. Cute.
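
Added example (not part of the original post and not ClanSys code): a PHP sketch of the eval("?>" . $output) behaviour discussed above, next to an allowlist-based replacement that needs no eval. The function names, page table and probe string are constructed, and the way request data reaches $output is an assumption; it uses `<?php` tags so the result does not depend on short_open_tag.

```php
<?php
// Added example; names and sample data are constructed, not taken from ClanSys.

// Mirrors the quoted pattern. The leading "?>" drops eval() out of PHP mode, so
// $output is parsed like the body of a .php file: literal text is echoed and
// any <?php ... ?> block inside it is executed.
function render_unsafe(string $page): string
{
    $output = "<h1>Clan page</h1>\n" . $page; // assumption: request data reaches $output
    ob_start();
    eval("?>" . $output);
    return ob_get_clean();
}

// Without the "?>" prefix eval() starts in PHP mode and rejects markup outright.
function eval_raises_parse_error(string $code): bool
{
    ob_start();
    try {
        eval($code);
        return false;
    } catch (ParseError $e) {
        return true;
    } finally {
        ob_end_clean();
    }
}

// Hardened form: the request value only selects an entry from a fixed table,
// and anything echoed back is HTML-escaped. Nothing is evaluated.
const PAGES = ['news' => 'Latest news', 'members' => 'Member list']; // constructed

function render_safe(string $page): string
{
    $body = array_key_exists($page, PAGES) ? PAGES[$page] : 'Unknown page: ' . $page;
    return "<h1>Clan page</h1>\n" . htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
}

// Harmless probe: the two halves are only joined if the tag runs as code.
$probe = '<?php echo "EVAL" . "UATED"; ?>';

// Did the probe execute under the quoted pattern?
var_dump(strpos(render_unsafe($probe), 'EVALUATED') !== false);
// Is the same string a parse error when the "?>" prefix is missing?
var_dump(eval_raises_parse_error($probe));
// Did the probe execute in the hardened renderer, or come back escaped?
var_dump(strpos(render_safe($probe), 'EVALUATED') !== false);
var_dump(strpos(render_safe($probe), '&lt;?php') !== false);
```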