[VIM] smells false: VirtuaNews.Pro RFI

Steven M. Christey coley at mitre.org
Tue May 1 01:47:13 UTC 2007

Researcher: s433d_only_linux
Ref: BUGTRAQ VirtuaNews.Pro.v1.0.3.Retail.+All.Plugins  Remote file Include

Extracted source code says:


but exploit uses the "include" parameter, not $admindirectory.

I don't have time at the moment to investigate further.

- Steve

More information about the VIM mailing list