[VIM] true: SimpCMS Light RFI

Steven M. Christey coley at mitre.org
Thu Apr 12 17:55:00 UTC 2007

Researcher: Dr.RoVeR
Ref: http://www.milw0rm.com/exploits/3705

index.php calls functions.php, which itself contains:

  if (isset($_GET[site]))
    $site= "home";

Later in index.php, we see the 'include $site.".php"' referenced by
the researcher.

So, in this case, it looks like we don't need register_globals.

- Steve
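
A hardened form of the 'include $site.".php"' pattern discussed in the message above, as an added example that is not part of the original post or of SimpCMS Light's own code. The pages directory and the page names in the allowlist are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened replacement for the pattern
// 'include $site.".php"'. PAGES_DIR and the names in ALLOWED_PAGES
// are assumptions, not SimpCMS Light's real layout.

const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'news', 'contact'];

/**
 * Map the untrusted ?site= value to a file inside PAGES_DIR,
 * falling back to "home" for anything not explicitly allowed.
 * Returns the absolute path to include, or null if nothing is usable.
 */
function resolve_page($requested)
{
    // Arrays (?site[]=x) and other non-strings are rejected outright;
    // strict comparison avoids PHP's loose type juggling.
    if (!is_string($requested) || !in_array($requested, ALLOWED_PAGES, true)) {
        $requested = 'home';
    }

    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $requested . '.php');

    // Defence in depth: the resolved file must exist and stay under
    // PAGES_DIR even if a bad entry is later added to the allowlist.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly; never rely on register_globals or on
// an earlier file having initialised $site.
$site = isset($_GET['site']) ? $_GET['site'] : null;
$page = resolve_page($site);

if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

Because the value reaching include is always one of the fixed allowlist strings joined to a local directory, a URL or a path with traversal sequences in ?site= can never be included, regardless of the register_globals setting.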
