[VIM] work system e-commerce?

Stuart Moore smoore at securityglobal.net
Fri Nov 17 13:47:57 EST 2006

Regarding http://www.milw0rm.com/exploits/2752 and Secunia SA22963,

index.php first says:

   include ("include_includes.inc");

which says:

   include 'include_config.php';

which specifies $g_include.

The 'install4.php' script supposedly writes 'include_config.php' based 
on 'include_config_replace.php'.

So, on a properly configured system, this exploit path should not be valid.


More information about the VIM mailing list