[VIM] true: sk.log 0.5.3 RFI

str0ke str0ke at milw0rm.com
Wed Sep 26 18:50:22 UTC 2007

He pretty much stole the last 2 vulns from w0cker


Steven M. Christey wrote:
> Ref: BUGTRAQ "sk.log v0.5.3 Remote File Inclusion"
>    http://www.securityfocus.com/archive/1/archive/1/480484/100/0/threaded
> Researcher: Seph1roth
> first line of log.inc.php is as quoted, i.e.:
>     include_once( "$SKIN_URL/php/logdisplay.inc.php" );
> A QUICK glance at the code suggests that there MIGHT be vectors that
> are independent of register_globals (as the variable name suggests,
> which is why I investigated this in the first place).  For example, in
> functions.inc.php, $SKIN_URL might be populated from per-user records
> in a database, although how that field is inserted into the database
> isn't immediately clear.
> - Steve

More information about the VIM mailing list