[VIM] true: 1024 CMS LFI: fun protection scheme failure
Steven M. Christey
coley at mitre.org
Fri May 4 00:26:47 UTC 2007
This manipulation caught the eye of one of our analysts:
Is "../uploads/" really needed?
Turns out that it *is* needed (or anything of length 11):
//Prevent hacker attacks
$path = "../uploads/";
$filename = substr($_GET['item'], 11);
$filename = $path.$filename;
Hmmm, "../uploads/" is length 11!
It's not clear to me what attack the programmer was trying to prevent
here, but it's interesting. To me anyway ;-)
More information about the VIM