[VIM] Bogus: mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability
George A. Theall
theall at tenablesecurity.com
Mon Oct 1 00:10:01 UTC 2007
Milw0rm 4470 / Bugtraq 25866 seems bogus to me -- looking at the copy of
contrib/mx_glance_sdesc.php included in
http://www.mx-system.com/modules/mx_pafiledb/dload.php?action=download&file_id=336
shows this:
---- snip, snip, snip ----
<?php
/**
*
* @package mxBB Portal Module - mx_glance
* @version $Id: mx_glance.php,v 2.3.3 2007/01/31 11:58:22 OryNider Exp $
...
if( !defined('IN_PORTAL') || !is_object($mx_block))
{
die("Hacking attempt");
}
---- snip, snip, snip ----
So direct calls to the affected script will fail.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list