[VIM] Possibly Bogus: Seditio v121 (plug.php h) Remote File Disclosure Vulnerability

str0ke str0ke at milw0rm.com
Sat May 12 01:59:42 UTC 2007


I lacked testing his work on this one. On your test bed, was magic quotes = off?


On 5/11/07, George A. Theall <theall at tenablesecurity.com> wrote:
> I *think* milw0rm 3904 is bogus. The problem is that various parameters,
> including 'h', are sanitized at the start of
> 'system/core/plug/plug.inc.php' of non-alphanumeric characters via calls
> to sed_import(), effectively removing directory traversal sequences. The
> PoC definitely doesn't work on an install I have of v110, and the code
> seems much the same in v121. Still, it's late so perhaps I'm just
> overlooking something. Anyone else?
> George
> --
> theall at tenablesecurity.com
