[VIM] CyBoards PHP uncertainties (RFI/path traversal)

Steven M. Christey coley at linus.mitre.org
Tue Aug 19 19:02:30 UTC 2008


Ref: http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt
     BID:30688
     XF:cyboardsphplite-scriptpath-file-include(44474)

Researcher: C r a C k E r



from one of our analysts:

  The researcher says CyBoards PHP Lite v1.21 from hotscripts.com. It
  is unclear how to download 1.21 from hotscripts.com; apparently only
  1.25 is available. For many of the vectors specified by the
  researcher, the CVE-2006-2871 VIM discussion applies. Specifically,
  if the installation follows the instructions, the include of
  include/config.php is a valid include that defines script_path
  before use. (On the other hand, if the product were simply extracted
  under the web root, it would probably be vulnerable.) Note that,
  although default_header.php RFI was fixed in later versions (see the
  CVE-2007-1983 VIM reference), the code change in question is not
  generally applicable to other files.


- Steve


More information about the VIM mailing list