[VIM] true w/caveat: GeekLog glConf[path_libraries] RFI

Steven M. Christey coley at mitre.org
Wed Feb 7 01:02:00 EST 2007


Researcher: GolD_M(Mahmnood_ali)
Ref: http://www.milw0rm.com/exploits/3267

In the Geeklog distribution, we have the following from
Geeklog-2.x/system/libraries/Geeklog/MVCnPHP/BaseView.php:

  require $glConf['path_libraries'] . 'Geeklog/MVCnPHP/ViewInterface.php';

which is the first statement.

However, this comes from some package called "MVCnPHP" which has some
close relationship with Geeklog but is separate:

  http://freshmeat.net/projects/mvcnphp/

which says "MVCnPHP stands for Model-View-Controller in PHP. It is an
implementation of the MVC design pattern for use in PHP applications."

... and downloading 3.0.0 of this MVCnPHP produces a BaseView.php
which, upon removing spaces and CRLF inconsistencies, is exactly the
same as that which is in Geeklog.

So we can add this to our list of modules whose ease-of-integration
makes opportunities for ease-of-exploitation.  Whether the blame lies
with Geeklog or MVCnPHP is not immediately clear.

- Steve
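
A defender-side check for the pattern in the quoted `require` line, as an added example that is not part of the original post or of either project's code: it flags include/require statements whose path starts with a variable the file never assigned before that point, and accepts a `defined(...)`/`die` entry guard as a mitigation. The line-based heuristic, the `APP_ENTRY` constant, the `$libDir` variable and the second and third samples are assumptions constructed for illustration.

```python
import re

# String literals are kept (group 1); /* */, // and # comments are dropped.
TOKEN_RE = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)
# include/require whose path expression starts with a variable.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b\s*\(?\s*(\$[A-Za-z_]\w*)", re.I)
# Plain assignment to a variable or to one of its array elements.
ASSIGN_RE = re.compile(r"(\$[A-Za-z_]\w*)\s*(?:\[[^\]]*\]\s*)*=(?![=>])")
# Entry guard: the script stops unless the including application set a constant.
GUARD_RE = re.compile(r"\bdefined\s*\(.*\b(?:die|exit)\b", re.I)

def strip_comments(src):
    """Blank out comments, keeping line numbers and string literals intact."""
    return TOKEN_RE.sub(
        lambda m: m.group(1) or "\n" * m.group(0).count("\n"), src)

def unguarded_includes(php_source):
    """Return [(line, variable)] for include paths built from a variable
    that this file has not assigned before the statement runs."""
    assigned, findings = set(), []
    for no, line in enumerate(strip_comments(php_source).splitlines(), 1):
        if GUARD_RE.search(line):
            break  # later statements cannot run on a direct request
        m = INCLUDE_RE.search(line)
        if m and m.group(1) not in assigned:
            findings.append((no, m.group(1)))
        assigned.update(ASSIGN_RE.findall(line))
    return findings

# The require statement quoted in the post, as the first statement of a file.
FROM_POST = ("<?php\n"
             "require $glConf['path_libraries'] . 'Geeklog/MVCnPHP/ViewInterface.php';\n")
# Constructed: same statement behind an entry guard (APP_ENTRY is hypothetical).
GUARDED = ("<?php\n"
           "// refuse direct requests\n"
           "if (!defined('APP_ENTRY')) { die('no direct access'); }\n"
           "require $glConf['path_libraries'] . 'Geeklog/MVCnPHP/ViewInterface.php';\n")
# Constructed: path derived from the file's own location ($libDir is hypothetical).
LOCAL = ("<?php\n"
         "$libDir = dirname(__FILE__) . '/';\n"
         "require_once($libDir . 'ViewInterface.php');\n")

if __name__ == "__main__":
    for name, src in (("post", FROM_POST), ("guarded", GUARDED), ("local", LOCAL)):
        print(name, unguarded_includes(src))
```

Because a bundled library is reachable at its own path inside the host application's tree, running the check over the third-party directories as well as the application's own code covers the integration case described in the post.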

