[VIM] true but: SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability

str0ke str0ke at milw0rm.com
Thu Feb 1 10:15:43 EST 2007

The program is vulnerable: $config[sipssys] is the first line of code
in the file box.inc.php.

But the documentation states.

Unpack the sips archive file. Sips requires a special directory where it
stores all kinds of data such as users, stories and php code. This directory
can be anywhere, but if you can, you should place it outside of the public
html area of the server, for security reasons.

So its kind of a coin toss up.



include $config["sipssys"] ."/code/rssparser.inc.php";


More information about the VIM mailing list