[VIM] phpMyConferences <= 8.0.2 Remote File Disclosure Vulnerability

George A. Theall theall at tenablesecurity.com
Wed Oct 31 20:14:15 UTC 2007

I don't know how many sites are actually affected by this. Here's the 
affected script as it appears in version 8.0.2:

   header("Content-disposition: attachment; filename=".$_GET('filname']);
   header("Content-Type: application/force-download");
   header("Content-Transfer-Encoding: binary");
   header("Content-Length: ".filesize($_GET['dir']));
   header("Pragma: no-cache");
   header("Cache-Control: no-store, no-cache, must-revalidate, 
post-check=0, pre-check=0");
   header("Expires: 0");


Notice the unclosed bracket in the second line above? php can't parse it.

theall at tenablesecurity.com

More information about the VIM mailing list