[VIM] X7 Chat (mini.php help_file) Local File Include Vulnerability

George A. Theall theall at tenablesecurity.com
Sun Sep 28 02:44:03 UTC 2008

I'm not sure the exploit as described in milw0rm 6592 works generally.  
Notice the affected file is "help/mini.php" and the arg to include()  
starts with "./help/"? When you call the script directly, the working  
directory will be something like "/var/www/html/x7chat/help"., which  
causes the directory traversal to fail on targets running, say, *nix  
since there's no directory named "help" under that.

The issue is exploitable under version 2.0.0, but it appears to have  
been fixed in response to rgod's earlier advisory :


which leverages a very similar issue in 'help/index.php' to execute  
arbitrary code.

theall at tenablesecurity.com

More information about the VIM mailing list