[VIM] true: sk.log 0.5.3 RFI
Steven M. Christey
coley at mitre.org
Wed Sep 26 18:40:36 UTC 2007
Ref: BUGTRAQ "sk.log v0.5.3 Remote File Inclusion"
http://www.securityfocus.com/archive/1/archive/1/480484/100/0/threaded
Researcher: Seph1roth
first line of log.inc.php is as quoted, i.e.:
include_once( "$SKIN_URL/php/logdisplay.inc.php" );
A QUICK glance at the code suggests that there MIGHT be vectors that
are independent of register_globals (as the variable name suggests,
which is why I investigated this in the first place). For example, in
functions.inc.php, $SKIN_URL might be populated from per-user records
in a database, although how that field is inserted into the database
isn't immediately clear.
- Steve
More information about the VIM
mailing list