[VIM] PHP file inclusions in PHP Developer Library 1.5.3 (some disputed)

Heinbockel, Bill heinbockel at mitre.org
Mon Oct 23 09:43:26 EDT 2006

In the past 2 weeks there have been 3 separate issues
involving the Softerra PHP Developer Library 1.5.3:

(1) http://www.milw0rm.com/exploits/2511
(2) http://www.milw0rm.com/exploits/2520
(3) BUGTRAQ:20061020 PHPLibrary-1.5.3(Description.php) Remote File

Upon brief source code inspection, the first two appear to be

The third issue appears to be a lack of research on
the part of the reporter (due to grep or Google Code Search).
The distribution as of 20061023 does not contain a file called
Description.php. It does, however, contain a Description file
(no file extension) which does contain the reported line (line 253):
>     include ($lib_dir . "sqlstorage.class.php");

However, there is no clear way to get this file to be handled by the
PHP interpreter (mod_php or similar).

William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
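
The check described in the message above, as an added example that is not part of the original post: given an unpacked distribution, it looks for the reported file (or the same name with a different or no extension), confirms the reported line, and notes whether the extension would be mapped to the PHP handler. The function names, the extension set and the sample tree are assumptions constructed for illustration; real server handler mappings vary.

```python
import os
import tempfile

# Assumption: extensions a typical mod_php setup maps to the PHP handler.
PHP_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml"}

def triage(dist_root, reported_name, line_no, needle, php_exts=PHP_EXTS):
    """Locate the reported file in the shipped tree and verify the reported line."""
    stem = os.path.splitext(reported_name)[0]
    findings = []
    for dirpath, _dirs, files in os.walk(dist_root):
        for name in files:
            # Accept the exact name, or the same stem with another/no extension.
            if os.path.splitext(name)[0] != stem:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="latin-1") as fh:
                lines = fh.read().splitlines()
            line_ok = 1 <= line_no <= len(lines) and needle in lines[line_no - 1]
            findings.append({
                "path": os.path.relpath(path, dist_root),
                "exact_name": name == reported_name,
                "line_matches": line_ok,
                "php_handled": os.path.splitext(name)[1].lower() in php_exts,
            })
    return findings

def verdict(findings):
    """Summarise the findings as one triage outcome."""
    if not findings:
        return "file-not-in-distribution"
    hits = [f for f in findings if f["line_matches"]]
    if not hits:
        return "line-not-found"
    if any(f["php_handled"] for f in hits):
        return "needs-code-review"
    return "line-present-but-not-php-handled"

def build_sample_tree(root):
    """Constructed stand-in for the distribution: 'Description', no extension."""
    body = ["# filler"] * 252 + ['    include ($lib_dir . "sqlstorage.class.php");']
    with open(os.path.join(root, "Description"), "w") as fh:
        fh.write("\n".join(body) + "\n")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = triage(root, "Description.php", 253, "include ($lib_dir")
        return found, verdict(found)

if __name__ == "__main__":
    print(demo())
```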
