[VIM] false: Agermenu 0.03

Steven M. Christey coley at linus.mitre.org
Wed Feb 7 18:27:09 EST 2007

FRSIRT:ADV-2007-0512 mentions 0.03 as vulnerable to rootdir in
examples/inc/top.inc.php.  This vector was published for 0.01 in
http://www.milw0rm.com/exploits/3280, a different disclosure than what
str0ke just mentioned.

This looks legit for 0.03 too:


  [first mention]

  if (file_exists($rootdir."inc/agermenu.func.php")) {

  # The new default place (from version 0.03) for
  # the agermenu.func.php file
  if (file_exists($rootdir."agermenu/agermenu.func.php")) {

  # Only include if the agermenu.func.php file exists
  if (file_exists($agermenufuncfile)) {
    include $agermenufuncfile;

- Steve
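
The source check described in the message above can be scripted. This is an added example, not part of the original post or of Agermenu's code: a line-based heuristic that reports `include`/`require`/`file_exists` paths built from variables the file itself never assigns. The function name `unset_path_roots` is hypothetical, and both PHP samples are constructed, modelled on the quoted lines.

```python
import re

VAR = re.compile(r'\$([A-Za-z_]\w*)')
ASSIGN = re.compile(r'^\s*\$([A-Za-z_]\w*)\s*\.?=(?!=)(.*)$')
SINK = re.compile(r'\b(?:include|require)(?:_once)?\b(.*)|\bfile_exists\s*\((.*)', re.I)
COMMENT = re.compile(r'^\s*(?:#|//)')

def unset_path_roots(php_source):
    """Map line number -> variables feeding a path sink that the file never assigns."""
    assigned, sinks = {}, []   # var -> vars on its right-hand side; (line, vars used)
    for no, line in enumerate(php_source.splitlines(), 1):
        if COMMENT.match(line):
            continue
        m = ASSIGN.match(line)
        if m:
            assigned.setdefault(m.group(1), set()).update(VAR.findall(m.group(2)))
        m = SINK.search(line)
        if m:
            sinks.append((no, VAR.findall(m.group(1) or m.group(2) or "")))

    def roots(var, seen):
        # Follow assignments back to variables with no assignment in this file.
        if var in seen:
            return set()
        seen.add(var)
        if var not in assigned:
            return {var}
        return set().union(*(roots(dep, seen) for dep in assigned[var]))

    report = {}
    for no, used in sinks:
        found = set().union(*(roots(v, set()) for v in used))
        if found:
            report[no] = sorted(found)
    return report

# Constructed sample modelled on the quoted excerpt (not the project's file).
SAMPLE = '''<?php
# Only include if the agermenu.func.php file exists
if (file_exists($rootdir."inc/agermenu.func.php")) {
  $agermenufuncfile = $rootdir."inc/agermenu.func.php";
}
if (file_exists($agermenufuncfile)) {
  include $agermenufuncfile;
}
'''
# Constructed corrected form: the script sets $rootdir itself before using it.
FIXED = SAMPLE.replace("<?php\n", '<?php\n$rootdir = dirname(__FILE__)."/";\n', 1)

if __name__ == "__main__":
    print(unset_path_roots(SAMPLE), unset_path_roots(FIXED))
```

The heuristic ignores assignment order and other files that may be included first, so a hit is a prompt for manual review rather than a confirmed finding.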
