[VIM] true: sk.log 0.5.3 RFI

str0ke str0ke at milw0rm.com
Wed Sep 26 18:50:22 UTC 2007


He pretty much stole the last 2 vulns from w0cker

http://www.milw0rm.com/exploits/4454

Steven M. Christey wrote:
> Ref: BUGTRAQ "sk.log v0.5.3 Remote File Inclusion"
>    http://www.securityfocus.com/archive/1/archive/1/480484/100/0/threaded
> Researcher: Seph1roth
>
>
> first line of log.inc.php is as quoted, i.e.:
>
>     include_once( "$SKIN_URL/php/logdisplay.inc.php" );
>
>
> A QUICK glance at the code suggests that there MIGHT be vectors that
> are independent of register_globals (as the variable name suggests,
> which is why I investigated this in the first place).  For example, in
> functions.inc.php, $SKIN_URL might be populated from per-user records
> in a database, although how that field is inserted into the database
> isn't immediately clear.
>
> - Steve
>
>   
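A hardened form of the include quoted above, as an added example that is not part of the original thread or of sk.log's code: the skin value is treated as a name checked against an allowlist and a fixed base directory, which covers both the register_globals vector and a value loaded from a per-user database record. The function name, the base directory and the skin names are assumptions made for illustration.

```php
<?php
// Added example, not sk.log code. resolve_skin_include(), the base
// directory and the skin names below are hypothetical.

// Pattern quoted in the thread (kept as a comment, not executed):
//   include_once( "$SKIN_URL/php/logdisplay.inc.php" );
// If $SKIN_URL is influenced by a request variable or by a stored per-user
// field, the include target is no longer under the application's control.

/**
 * Resolve a skin name to the display script inside a fixed base directory.
 * Returns the absolute path, or null if the name is not acceptable.
 */
function resolve_skin_include(string $skinName, string $baseDir, array $allowed): ?string
{
    // 1. Allowlist: only known skin directory names, compared strictly.
    if (!in_array($skinName, $allowed, true)) {
        return null;
    }
    // 2. Canonicalise and confirm the file really lives under the base dir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $skinName . '/php/logdisplay.inc.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: build a throwaway skin tree in the temp directory.
$base = sys_get_temp_dir() . '/sklog_demo_' . getmypid();
mkdir($base . '/default/php', 0700, true);
file_put_contents($base . '/default/php/logdisplay.inc.php', "<?php // stub\n");

// Constructed inputs: one valid name and three that must be rejected.
$candidates = ['default', '../default', 'http://example.invalid/skin', 'missing'];
foreach ($candidates as $candidate) {
    $resolved = resolve_skin_include($candidate, $base, ['default']);
    printf("%-30s => %s\n", $candidate, $resolved ?? 'rejected');
}
```

Setting `allow_url_include = Off` in php.ini blocks URL-scheme include targets but does not stop local path traversal, so the allowlist check is still needed.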

