[VIM] false: PhotoStand (plugins.php) Remote File Include Vuln.
Steven M. Christey
coley at linus.mitre.org
Wed Feb 7 12:50:14 EST 2007
On Wed, 7 Feb 2007, str0ke wrote:
> line: 18 if(is_file($plugins_path . "plugins/" . $plugin ."/plugin.php")
>
> line: 20 include($plugins_path . "plugins/" . $plugin ."/plugin.php");
>
> Not vulnerable.
If $plugins_path or $plugin are attacker-controlled, then are they subject
to ".." or "/abs/path" traversal attacks?
- Steve
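
The question above is whether the `is_file()` / `include()` pair constrains `$plugin` at all. The following is an added example, not part of the original message and not PhotoStand code: a loader of the same shape that confines the included file to the plugins directory. The function name `resolve_plugin_file`, the plugin name `gallery`, and the temp-directory tree are hypothetical, and it assumes the base path is a server-side constant rather than request input.

```php
<?php
// Added example: hypothetical helper, not PhotoStand code.
// $pluginsRoot is assumed to be a server-side constant, never request input.
function resolve_plugin_file(string $pluginsRoot, string $plugin): ?string
{
    // 1. Accept a single directory name only: no "/", "\", "." or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $plugin)) {
        return null;
    }

    // 2. Canonicalise the trusted base directory.
    $base = realpath($pluginsRoot . '/plugins');
    if ($base === false) {
        return null;
    }

    // 3. Canonicalise the candidate. realpath() resolves ".." and symlinks
    //    and returns false when the target does not exist.
    $candidate = realpath($base . '/' . $plugin . '/plugin.php');
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // 4. Containment: the resolved file must still sit under the base
    //    (this catches a symlinked plugin directory pointing elsewhere).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Constructed demo tree under the system temp directory.
$root = sys_get_temp_dir() . '/ps_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/plugins/gallery', 0700, true);
file_put_contents($root . '/plugins/gallery/plugin.php', "<?php\n");

// Constructed inputs: one valid name, then the ".." and absolute-path
// shapes raised in the message, then a name with no directory behind it.
foreach (['gallery', '../../etc', '/abs/path', 'gallery/..', 'missing'] as $name) {
    $path = resolve_plugin_file($root, $name);
    printf("%-12s => %s\n", $name, $path === null ? 'rejected' : 'include ' . $path);
}
```

The caller runs `include` only on a non-null return value, so the existence check and the containment check both apply to the exact path that gets included.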