[VIM] CONFIRM: OTSCMS file inclusions - PHP5 __autoload

Heinbockel, Bill heinbockel at mitre.org
Wed Oct 25 10:47:47 EDT 2006


OTSCMS is written for PHP 5. The vulnerable code for each
of the 3 exploits resembles the following (from 1.4.0):

// function for automatic loading class
function __autoload($class)
. $class . '.php');

In PHP5, the __autoload function is used to signal the PHP interpreter
how to load an unrecognized PHP object. So, if there is any class used
later that is not in an already included file, the __autoload function
will be automatically called. So on line 38, there is:

    // initializes SQL database connection
    $sql = new SQL($config['sql']['host'], $config['sql']['user'],
$config['sql']['password'], $config['sql']['database'],

Therefore, __autoload will be called when the interpreter reaches this

William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org

More information about the VIM mailing list