[VIM] true: sk.log 0.5.3 RFI

Steven M. Christey coley at mitre.org
Wed Sep 26 18:40:36 UTC 2007

Ref: BUGTRAQ "sk.log v0.5.3 Remote File Inclusion"
Researcher: Seph1roth

first line of log.inc.php is as quoted, i.e.:

    include_once( "$SKIN_URL/php/logdisplay.inc.php" );

A QUICK glance at the code suggests that there MIGHT be vectors that
are independent of register_globals (as the variable name suggests,
which is why I investigated this in the first place).  For example, in
functions.inc.php, $SKIN_URL might be populated from per-user records
in a database, although how that field is inserted into the database
isn't immediately clear.

- Steve

More information about the VIM mailing list