[VIM] Pluck Local File Inclusion

George A. Theall theall at tenablesecurity.com
Mon Jul 14 19:40:47 UTC 2008


Has anyone looked at the advisory about local file include issues in
Pluck (BID 30218 / http://archives.neohapsis.com/archives/bugtraq/2008-07/0106.html)?
It seems like the issues aren't generally exploitable if you call
the affected script directly since the directories embedded in calls
to include() -- "data/inc/lang", "data/content", and "data/blog" --
are located at the base of the application's install directory rather
than under "data/inc/themes". Or do I just misunderstand how PHP sets
the current working directory when calling a script?


George
-- 
theall at tenablesecurity.com
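
The path-resolution question raised in the message above can be checked locally with the following added example, which is not part of the original post and is not Pluck's code. It assumes the web SAPI sets the working directory to the requested script's directory (simulated here with chdir()); the theme name "default" and the file names are constructed.

```php
<?php
// Constructed layout: only "data/inc/lang" and "data/inc/themes" come from the
// post; the theme name and file names are made up for this demonstration.
$base  = sys_get_temp_dir() . '/include-demo-' . getmypid();
$theme = "$base/data/inc/themes/default";
mkdir("$base/data/inc/lang", 0700, true);
mkdir($theme, 0700, true);

file_put_contents("$base/data/inc/lang/en.php", "<?php return 'language file loaded';");
// The theme script uses an include path relative to the install root.
file_put_contents("$theme/theme.php", "<?php return @include 'data/inc/lang/en.php';");

// Pin include_path to "." so that only the current working directory and the
// including script's own directory are searched.
set_include_path('.');

// Run $script with $cwd as working directory and return what it returns
// (false when its inner include cannot find the file).
function run_from(string $cwd, string $script)
{
    chdir($cwd);            // assumption: stands in for the cwd the SAPI sets
    clearstatcache(true);   // also drops PHP's cached path resolutions
    return include $script;
}

$cases = [
    'entry script at the install root' => $base,
    'theme script requested directly'  => $theme,
];
foreach ($cases as $label => $cwd) {
    $result = run_from($cwd, "$theme/theme.php");
    printf("%-34s cwd=%s\n    => %s\n", $label, $cwd,
        $result === false ? 'include failed: file not found' : $result);
}

// Remove the temporary tree.
unlink("$theme/theme.php");
unlink("$base/data/inc/lang/en.php");
foreach ([$theme, "$base/data/inc/themes", "$base/data/inc/lang",
          "$base/data/inc", "$base/data", $base] as $dir) {
    rmdir($dir);
}
```

The PHP CLI does not change directory to the script on its own, which is why the example sets the working directory explicitly.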




