[VIM] Bogus: Segue CMS <= 1.8.4 index.php Remote File Inclusion Vulnerability

George A. Theall theall at tenablesecurity.com
Mon Oct 1 18:13:20 UTC 2007


On 10/01/07 14:03, str0ke wrote:

> Test it out with globals = off
> 
> Seems hes doing some hacking look at index.php for register_globals.
> 
> So they need register_globals to be off for this vuln to work properly
> << kind of scary.

You're right again.  In includes.inc.php, there's a call to 
import_request_variables() if register_globals is *not* set.


George
-- 
theall at tenablesecurity.com


More information about the VIM mailing list