[VIM] Savant2 oddity

security curmudgeon jericho at attrition.org
Mon Sep 11 02:10:23 EDT 2006


http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html

>>> Script : Savant2

>>> Site : www.phpsavant.com

/**
* Base plugin class.
*/
global $mosConfig_absolute_path;
require_once 
$mosConfig_absolute_path.'/components/com_mtree/Savant2/Plugin.php';

/**


--

What am I missing here..

wget http://phpsavant.com/Savant2-2.4.3.tgz
tar xfz Savant2-2.4.3.tgz
cd Savant2-2.4.3
find . -type f -exec grep -H -i mosConfig {} \;

to verify my find syntax works:

forced /tmp/Savant2-2.4.3# find . -type f -exec grep -H -i eichorn {} \;
./Savant2/PHPCodeAnalyzer.php:* @author Joshua Eichorn <josh at bluga.net>
./Savant2/PHPCodeAnalyzer.php:* @copyright      Joshua Eichorn 2004
./Savant2/PHPCodeAnalyzer.php:* @copyright      Joshua Eichorn 2004
./Savant2/PHPCodeAnalyzer.php:* @author Joshua Eichorn <josh at bluga.net>
forced /tmp/Savant2-2.4.3#


So it appears there are zero occurances of the 'mosConfig_absolute_path' 
variable in the deafult Savant2 package? But, if you search Google for the 
first file listed as vulnerable (Savant2_Compiler_basic.php), you get 
this:

http://phpsavant.com/api/Savant2/Savant2/_Savant2_Savant2_Compiler_basic_php.html

forced /tmp/Savant2-2.4.3# find . -type f -name \*compiler\* -print
forced /tmp/Savant2-2.4.3#

Subsequent google searches suggest that all of this is part of the Savant2 
package though. Ideas?


More information about the VIM mailing list