[VIM] Wizi Wiki Wig LFI - maybe not code execution
Steven M. Christey
coley at mitre.org
Thu Jul 17 05:34:54 UTC 2008
http://www.milw0rm.com/exploits/6042
Some VDBs are reporting code execution as a consequence. However,
brief (but not comprehensive) investigation of index.php suggests a
vulnerable function of traiter_article(), which does a file_exists
test with fopen/fread operations, so this might be just a "read
arbitrary files" consequence. I haven't investigated all possible
vectors, however. There's also a preg_replace() function on that
file's contents but as I vaguely remember, that's not the regexp
function that lets you feed executable content. Might lead to some
interesting attacks however.
- Steve
More information about the VIM
mailing list