[VIM] Source VERIFY - speedberg RFI

Steven M. Christey coley at mitre.org
Mon Oct 23 15:57:40 EDT 2006


Researcher: k1tk4t

Issue: speedberg 1.2beta1 RFI
    http://www.securityfocus.com/archive/1/archive/1/449468/100/0/threaded

k1tk4t lists the following vulnerable files:

  entrancePage.tpl.php
  generalToolBox.tlb.php
  myToolBox.tlb.php
  scriplet.inc.php
  simplePage.tpl.php
  speedberg.class.php
  standardPage.tpl.php

Source code inspection of the 1.2beta1 package (URL referenced in the
original advisory) shows that all the aforementioned files have the
following code in the first line:

  require_once($SPEEDBERG_PATH."include/speedberg.class.php");

speedberg.class.php itself has:

  require_once($SPEEDBERG_PATH."config/general.inc.php");
  require_once($SPEEDBERG_PATH."include/settings.inc.php");
  require_once($SPEEDBERG_PATH."include/sitemap.class.php");


- Steve
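
The source check described in the message above, as an added example (not part of the original post and not speedberg code): a small Python scanner that flags include/require statements whose path begins with a variable the file has not assigned earlier. The function name, the sample file contents and the hardened variant are assumptions made for illustration.

```python
import re

# include/require (with or without _once) whose path begins with a PHP variable
INCLUDE_RE = re.compile(r'\b(?:require|include)(?:_once)?\s*\(?\s*\$(\w+)', re.I)
# plain assignment "$name =", excluding "==" comparisons and "=>" array pairs
ASSIGN_RE = re.compile(r'\$(\w+)\s*=(?![=>])')

def unset_include_vars(source):
    """Return (line_no, variable, statement) for every include/require whose
    path starts with a variable not assigned earlier in the same file."""
    findings, assigned = [], set()
    for line_no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(('//', '#', '/*', '*')):  # naive comment skip
            continue
        m = INCLUDE_RE.search(code)
        if m:
            # assignments that precede the include on the same line count too
            earlier = {a.group(1) for a in ASSIGN_RE.finditer(code[:m.start()])}
            if m.group(1) not in assigned | earlier:
                findings.append((line_no, m.group(1), code))
        assigned.update(a.group(1) for a in ASSIGN_RE.finditer(code))
    return findings

# Constructed sample: the first line the post reports for the listed files.
TEMPLATE_FILE = '''<?php
require_once($SPEEDBERG_PATH."include/speedberg.class.php");
'''
# Constructed sample: the three lines the post reports in speedberg.class.php.
CLASS_FILE = '''<?php
require_once($SPEEDBERG_PATH."config/general.inc.php");
require_once($SPEEDBERG_PATH."include/settings.inc.php");
require_once($SPEEDBERG_PATH."include/sitemap.class.php");
'''
# Hypothetical hardened form (an assumption, not speedberg's fix): the file
# derives the base path itself before using it in an include.
HARDENED_FILE = '''<?php
$SPEEDBERG_PATH = dirname(__FILE__) . "/../";
require_once($SPEEDBERG_PATH."include/speedberg.class.php");
'''

if __name__ == "__main__":
    for name, src in [("template", TEMPLATE_FILE), ("class", CLASS_FILE)]:
        for line_no, var, stmt in unset_include_vars(src):
            print(f"{name}:{line_no}: ${var} used in include before assignment: {stmt}")
```

The check is per file and line based, so a variable assigned only in some other file that includes this one is still reported and needs manual review.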

