[VIM] probably false: xodagallery execution claim
Steven M. Christey
coley at mitre.org
Thu Apr 12 18:45:03 UTC 2007
Researcher: the_3dit0r

Ref: xodagallery Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/archive/1/465088/100/0/threaded

Extracted code is:

  switch ($_GET['cmd']) line 64

Source inspection did not find a vulnerable use of cmd within this
file. The above switch tests for constant values of $_GET['cmd'].
There are some leading require's, but they seem pretty shallow.

Grep throughout the entire system doesn't produce any "cmd" matches of
interest.

Since a lot of PHP code shells support "cmd", maybe this was tested
against a previously hacked application with a backdoor in it.
Assuming it was tested.
- Steve
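
The inspection described in the message above (check how `cmd` is used at the reported line, then grep the whole tree) can be scripted as a first triage pass. This is an added example, not part of the original post and not xodagallery code; the file names and PHP lines in `SAMPLES` are constructed, and the sink list is an assumption about which PHP constructs count as execution.

```python
import re

# PHP constructs that run code or OS commands on their argument.
SINK = re.compile(r"\b(?:system|exec|passthru|shell_exec|popen|proc_open|eval|"
                  r"assert|include|include_once|require|require_once)\b")
# Uses that only compare the value: switch dispatch or a test against a literal.
DISPATCH = re.compile(r"\bswitch\s*\(|[=!]==?\s*['\"\d]")
ASSIGN = re.compile(r"\s*(\$\w+)\s*=(?!=)")

def triage(sources, param="cmd"):
    """Classify each use of request parameter `param` in {filename: php_text}.

    Returns (file, line_no, verdict) tuples; verdict is "sink", "dispatch"
    or "review". Line-based heuristic with one level of per-file variable
    tracking, meant to direct manual source inspection, not replace it.
    """
    request = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[\s*['\"]%s['\"]\s*\]"
                         % re.escape(param))
    findings = []
    for name, text in sources.items():
        tainted = [request]          # the parameter plus variables copied from it
        for no, line in enumerate(text.splitlines(), 1):
            if not any(t.search(line) for t in tainted):
                continue
            sink = SINK.search(line)
            if sink and any(t.search(line, sink.end()) for t in tainted):
                verdict = "sink"      # value is passed to an execution construct
            elif DISPATCH.search(line):
                verdict = "dispatch"  # value is only compared with constants
            else:
                verdict = "review"
                copy = ASSIGN.match(line)
                if copy:              # e.g. $c = $_GET['cmd']; follow $c too
                    tainted.append(re.compile(re.escape(copy.group(1)) + r"\b"))
            findings.append((name, no, verdict))
    return findings

# Constructed sample input, not taken from xodagallery.
SAMPLES = {
    "index.php": "<?php\nrequire 'config.php';\nswitch ($_GET['cmd']) {\n"
                 "  case 'view': show(); break;\n}\n",
    "leftover.php": "<?php\n$c = $_REQUEST['cmd'];\necho passthru($c);\n",
}

if __name__ == "__main__":
    for finding in triage(SAMPLES):
        print(*finding)
```

A tree that yields only "dispatch" verdicts matches what the message reports for the switch at line 64; a "sink" verdict in a file that is not part of the shipped distribution would fit the backdoor explanation instead.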