[VIM] Wizi Wiki Wig LFI - maybe not code execution

Steven M. Christey coley at mitre.org
Thu Jul 17 05:34:54 UTC 2008


Some VDBs are reporting code execution as a consequence.  However,
brief (but not comprehensive) investigation of index.php suggests a
vulnerable function of traiter_article(), which does a file_exists
test with fopen/fread operations, so this might be just a "read
arbitrary files" consequence.  I haven't investigated all possible
vectors, however.  There's also a preg_replace() function on that
file's contents but as I vaguely remember, that's not the regexp
function that lets you feed executable content.  Might lead to some
interesting attacks however.

- Steve

More information about the VIM mailing list