[VIM] Remote File Inclusion: it's not just for PHP anymore
Steven M. Christey
coley at mitre.org
Mon Jul 30 16:31:07 UTC 2007

I thought this was interesting:

  MILW0RM:4226
  http://www.milw0rm.com/exploits/4226

It's an ActiveX control with an absolute path traversal vulnerability,
probably stemming from unrestricted/unauthenticated access to a
powerful method (these kinds of problems are giving me minor fits in
terms of how to classify them).

The "GetToFile" method apparently accepts a URL and a target filename
as arguments.

Come to think of it, I bet you see this in a lot of ActiveX controls
that either (1) perform installation or updates for a product, or (2)
do a lot of heavy file transfers back and forth.

- Steve
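
An added example, not part of the original message and not the affected product's code: the checks a method that takes a URL and a target filename, like the "GetToFile" method mentioned above, could apply before doing any network or file I/O. The allowlisted host, download root and function names are assumptions; Python's `ntpath` is used so the Windows path rules can be exercised on any platform.

```python
import ntpath
from urllib.parse import urlsplit

# Assumed policy values, not taken from the post.
ALLOWED_HOSTS = {"updates.example.com"}
DOWNLOAD_ROOT = r"C:\Program Files\ExampleApp\updates"
# Windows device names that must never be used as a file name.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)}


def check_source_url(url):
    """Accept only https URLs whose host is on the allowlist."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("source must be https")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not accepted")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("source host not allowed")
    return url


def resolve_target(filename):
    """Map a caller-supplied name to a path inside DOWNLOAD_ROOT."""
    drive, _ = ntpath.splitdrive(filename)
    if drive or ":" in filename:
        raise ValueError("drive, UNC or stream syntax rejected")
    # A bare file name only: no separators, no "." or "..".
    if filename in ("", ".", "..") or ntpath.basename(filename) != filename:
        raise ValueError("directory components rejected")
    # Windows strips trailing dots and spaces, so refuse them up front.
    if filename != filename.rstrip(". "):
        raise ValueError("trailing dot or space rejected")
    if filename.split(".")[0].upper() in RESERVED:
        raise ValueError("reserved device name rejected")
    full = ntpath.normpath(ntpath.join(DOWNLOAD_ROOT, filename))
    # Defence in depth: the final path must still sit under the root.
    if ntpath.commonpath([DOWNLOAD_ROOT, full]).lower() != DOWNLOAD_ROOT.lower():
        raise ValueError("path escapes download root")
    return full


def validate_get_to_file(url, filename):
    """Checks to run before any network or file I/O happens."""
    return check_source_url(url), resolve_target(filename)
```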
    
    