[VIM] probably false: xodagallery execution claim
Steven M. Christey
coley at mitre.org
Thu Apr 12 18:45:03 UTC 2007
Ref: xodagallery Remote Code Execution Vulnerability
Extracted code is:
switch ($_GET['cmd']) line 64
Source inspection did not find a vulnerable use of cmd within this
file. The above switch tests for constant values of $_GET['cmd'].
There are some leading require's, but they seem pretty shallow.
Grep throughout the entire system doesn't produce any "cmd" matches of
Since a lot of PHP code shells support "cmd", maybe this was tested
against a previously hacked application with a backdoor in it.
Assuming it was tested.
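
The source inspection described in this message can be partly automated. The sketch below is an added example, not part of the original post and not xodagallery code: it lists every line that touches a request parameter and labels it as a dispatch on constant values, a flow into an execution construct, or something needing manual review. The PHP samples, the function name `audit_param` and the sink list are assumptions constructed for illustration.

```python
import re

# PHP constructs that execute commands or code (illustrative list, not exhaustive).
SINK = (r"(?<![\$\w>])(?:system|exec|shell_exec|passthru|popen|proc_open|"
        r"eval|include|require)(?:_once)?\b")

def audit_param(php_source, name="cmd"):
    """Classify every line that touches the request parameter `name`."""
    param = r"\$_(?:GET|POST|REQUEST)\[\s*['\"]" + re.escape(name) + r"['\"]\s*\]"
    # One level of propagation: variables assigned directly from the parameter.
    tainted = sorted(set(re.findall(r"(\$\w+)\s*=\s*" + param, php_source)))
    carrier = "|".join([param] + [re.escape(v) + r"\b" for v in tainted])
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        if not re.search(carrier, line):
            continue
        if re.search(SINK + r"\s*\(?[^;]*(?:" + carrier + ")", line):
            verdict = "sink"               # value reaches an execution construct
        elif (re.search(r"switch\s*\(\s*" + param + r"\s*\)", line)
              or re.search(param + r"\s*===?\s*['\"\d]", line)):
            verdict = "constant-dispatch"  # only compared against fixed values
        else:
            verdict = "review"             # assignment or other use: read by hand
        findings.append((no, verdict, line.strip()))
    return findings

# Constructed sample: parameter used only as a switch subject.
BENIGN = """<?php
require_once 'config.php';
switch ($_GET['cmd']) {
    case 'view': show_gallery(); break;
    default: show_index();
}
"""

# Constructed sample: the pattern a pre-existing backdoor would show.
BACKDOORED = """<?php
$c = $_GET['cmd'];
system($c);
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("backdoored", BACKDOORED)):
        for finding in audit_param(src):
            print(label, finding)
```

A "sink" verdict on a file that is not in the vendor's distribution supports the backdoored-test-host explanation; only "constant-dispatch" verdicts match what the inspection above reports.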