[VIM] Bogus: OpenAds / phpAdsNew RFI

George A. Theall theall at tenablesecurity.com
Mon Aug 13 15:01:19 UTC 2007


Sorry, I can't find the original advisory, but Bugtraq 25277 looks bogus 
to me, looking at the affected file in either OpenAds 2.0.11-pr1 or 
phpAdsNew 2.0.4. For example, the "affected" code for OpenAds 2.0.11-pr1 
appears to be this:

                               ---- snip, snip, snip ----
function phpAds_geoLookup()
{
    global $phpAds_config, $phpAds_geoPluginID;

    if (!$phpAds_config['geotracking_type'])
        return;

    // Load plugin
    $phpAds_geoPlugin = phpAds_path."/libraries/geotargeting/geo-".$phpAds_config['geotracking_type'].".inc.php";
    if (@file_exists($phpAds_geoPlugin))
    {
        include_once ($phpAds_geoPlugin);
                               ---- snip, snip, snip ----

The affected variable is only used in this function call. While the 
function is indeed called within the script, I don't see how an attacker 
can control the value via the 'phpAds_geoPlugin' parameter. Or am I just 
missing something?


George
-- 
theall at tenablesecurity.com
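An added triage helper, written for this archive page and not part of George's post nor of the OpenAds/phpAdsNew code base, that mechanises the check he did by hand: for every include/require whose argument is a variable, find the nearest preceding assignment to that variable and classify where its value comes from. A path assembled purely from configuration and constants (the OpenAds case quoted above) is not a remote file inclusion; a path built from request data, or a variable that is never assigned before the include (so register_globals could supply it), is worth a closer look. The OpenAds snippet below is the one quoted in the post; the two other inputs, and all function and variable names, are constructed for this example.

```python
import re

# Longer alternatives first so "include_once" is not matched as "include".
INCLUDE_RE = re.compile(
    r'\b(include_once|include|require_once|require)\s*\(?\s*(\$\w+)'
)

# PHP variables that carry request data (classic and modern spellings).
REQUEST_SOURCES = ('$_GET', '$_POST', '$_REQUEST', '$_COOKIE', '$_SERVER',
                   '$_FILES', '$HTTP_GET_VARS', '$HTTP_POST_VARS',
                   '$HTTP_COOKIE_VARS')


def classify_rhs(rhs):
    """Classify the right-hand side of the assignment feeding an include."""
    if any(src in rhs for src in REQUEST_SOURCES):
        return 'request-controlled'
    # Built from other variables/constants: follow 'depends_on' to confirm
    # those are populated from config, not from the request.
    return 'derived'


def find_include_sources(php_src):
    """Return one finding per variable-argument include in php_src."""
    findings = []
    for m in INCLUDE_RE.finditer(php_src):
        var = m.group(2)
        # Nearest assignment to this exact variable *before* the include;
        # (?!\w) stops $foo matching $fooBar, (?!=) skips comparisons.
        assign_re = re.compile(
            re.escape(var) + r'(?!\w)\s*=(?!=)\s*(.*?);', re.S)
        assigns = list(assign_re.finditer(php_src[:m.start()]))
        if not assigns:
            findings.append({'variable': var, 'source': 'unassigned',
                             'rhs': None, 'depends_on': []})
            continue
        rhs = ' '.join(assigns[-1].group(1).split())  # undo line wrapping
        findings.append({'variable': var,
                         'source': classify_rhs(rhs),
                         'rhs': rhs,
                         'depends_on': re.findall(r'\$\w+', rhs)})
    return findings


# Quoted from the post (OpenAds 2.0.11-pr1, phpAds_geoLookup, snipped).
OPENADS_SNIPPET = """
function phpAds_geoLookup()
{
    global $phpAds_config, $phpAds_geoPluginID;

    if (!$phpAds_config['geotracking_type'])
        return;

    // Load plugin
    $phpAds_geoPlugin = phpAds_path."/libraries/geotargeting/geo-".$phpAds_config['geotracking_type'].".inc.php";
    if (@file_exists($phpAds_geoPlugin))
    {
        include_once ($phpAds_geoPlugin);
"""

# Constructed contrast cases (not from any real project).
CONSTRUCTED_REQUEST_CONTROLLED = """
function load_plugin()
{
    $plugin = $_GET['type'] . ".inc.php";
    include_once ($plugin);
}
"""

CONSTRUCTED_UNASSIGNED = """
function load_theme()
{
    include_once ($theme_file);
}
"""

if __name__ == '__main__':
    for label, src in (('OpenAds snippet', OPENADS_SNIPPET),
                       ('constructed request-controlled', CONSTRUCTED_REQUEST_CONTROLLED),
                       ('constructed unassigned', CONSTRUCTED_UNASSIGNED)):
        for f in find_include_sources(src):
            print(f"{label}: {f['variable']} -> {f['source']}"
                  f" (depends on {f['depends_on'] or 'nothing'})")
```

On the OpenAds snippet the only include argument resolves to a `derived` value depending solely on `$phpAds_config`, which matches the post's reading: nothing in the function lets request input reach the path. The script is a triage aid for reading snippets like this one, not a substitute for following where `$phpAds_config` itself is populated.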
