[VIM] true: Vistered Little 1.6a directory traversal

str0ke str0ke at milw0rm.com
Wed May 30 18:36:44 UTC 2007


Steven,

Added the %00 at the end, thanks for the catch.

/str0ke

On 5/30/07, Steven M. Christey <coley at mitre.org> wrote:
>
> Researcher: Mahmood_ali
> Ref: http://www.milw0rm.com/exploits/3999
>
> from common.css.php:
>
>   if( isset( $_REQUEST[ 'skin' ] ) )
>   {
>         $skin = $_REQUEST[ 'skin' ];
>   }
>   ...
>   @readfile( $skin . '.css' );
>
>
> Presumably, the exploit URL given in the milw0rm item would need a
> trailing %00 byte.
>
> - Steve
>
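As an added defender-side example (not code from Vistered Little or from either poster), this is how the quoted skin-selection snippet can be rewritten so that neither `../` sequences nor a trailing NUL byte reach the filesystem call; the `skins/` directory layout and the `default` fallback skin are assumptions, and it requires PHP 7.1 or later.

```php
<?php
// Hardened replacement for the common.css.php skin loader quoted above.
// The user-supplied skin name is never concatenated into a path until it has
// passed a strict allowlist pattern, and the resolved file is then checked to
// lie inside the skins directory as a second, independent control.

// Assumed layout: CSS themes live in ./skins/<name>.css next to this script.
define('SKIN_BASE', realpath(__DIR__ . '/skins'));

function resolve_skin_css(string $requested): ?string
{
    // Only plain identifiers are accepted. This rejects '/', '..', and an
    // embedded NUL byte (which would otherwise truncate the appended '.css'
    // inside readfile(), the trick the milw0rm entry relies on).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }
    if (SKIN_BASE === false) {
        return null; // skins directory missing: fail closed
    }
    $path = realpath(SKIN_BASE . '/' . $requested . '.css');
    if ($path === false) {
        return null; // no such skin
    }
    // Defence in depth: the canonical path must still start with SKIN_BASE/.
    if (strncmp($path, SKIN_BASE . '/', strlen(SKIN_BASE) + 1) !== 0) {
        return null;
    }
    return $path;
}

// $_REQUEST['skin'] may be absent or an array; treat both as "use default".
$requested = (isset($_REQUEST['skin']) && is_string($_REQUEST['skin']))
    ? $_REQUEST['skin']
    : 'default';

$css = resolve_skin_css($requested) ?? resolve_skin_css('default');
if ($css === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: text/css');
readfile($css);
```

Logging rejected skin values (the ones that fail the pattern check) gives a cheap detection signal for traversal attempts against this endpoint.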

