[VIM] 60cycleCMS <= 2.5.0 Remote File Include Exploit

George A. Theall theall at tenablesecurity.com
Tue Dec 22 19:33:29 UTC 2009

With a bit of encouragement from Steve...

Exploit DB's #10551 looks bogus to me. PoC is:


Code snippet from 2.5.0, which is supposedly affected:

   // include your sql info file here
   $root = $_SERVER['DOCUMENT_ROOT'];
   require "$root/../config.php";

$_SERVER is one of those predefined variables in PHP and contains
server and execution environment info. As far as I know, a remote
attacker can't override it, at least not by passing in something through
a 'DOCUMENT_ROOT' parameter.

theall at tenablesecurity.com

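Added illustration (not part of the message above and not 60cycleCMS code): a CLI script that rebuilds the include path exactly the way the 2.5.0 snippet does, feeds it a constructed request carrying a DOCUMENT_ROOT query parameter, and shows where that parameter actually ends up. The $server array, the attacker URL and the /var/www/html document root are all made-up values standing in for what Apache would populate.

```php
<?php
// Added example; not from the original post and not 60cycleCMS code.
// Re-creates the include-path computation from the 2.5.0 snippet and
// checks whether request data can influence it. Runs on the CLI with
// constructed inputs only.

// Same expression as the snippet: the prefix is $_SERVER['DOCUMENT_ROOT'].
function config_path(array $server): string
{
    $root = $server['DOCUMENT_ROOT'];
    return "$root/../config.php";
}

// Emulates what PHP does with a request's query string: the parameters
// land in $_GET and nowhere else. $server stands in for the entries the
// web server fills from its own configuration (constructed here).
function emulate_request(string $query_string, array $server): array
{
    $get = [];
    parse_str($query_string, $get);
    return ['GET' => $get, 'SERVER' => $server];
}

// require() of the computed path can only fetch remote code if the path
// is a URL wrapper AND allow_url_include is on (default Off since 5.2).
function remote_include_possible(string $path): bool
{
    $is_url = (bool) preg_match('#^[a-z][a-z0-9+.-]*://#i', $path);
    return $is_url && filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed attacker request in the style an RFI PoC would use.
$req = emulate_request(
    'DOCUMENT_ROOT=http://attacker.example/shell.txt%3F',
    ['DOCUMENT_ROOT' => '/var/www/html']   // constructed: what Apache would set
);

$path = config_path($req['SERVER']);
echo "attacker GET value    : {$req['GET']['DOCUMENT_ROOT']}\n";
echo "path passed to require: $path\n";
echo "remote include possible: " . var_export(remote_include_possible($path), true) . "\n";

// Contrast (hypothetical, the real code does NOT do this): only if the
// prefix were read from the request would the attacker's URL reach require(),
// and even then allow_url_include would still have to be enabled.
$hypothetical = config_path(['DOCUMENT_ROOT' => $req['GET']['DOCUMENT_ROOT']]);
echo "hypothetical request-controlled path: $hypothetical\n";
echo "remote include possible then: " . var_export(remote_include_possible($hypothetical), true) . "\n";
```

Run it with `php script.php`: the path handed to require stays under the server's document root no matter what the query string says, and remote_include_possible() reports false for it. The last two lines only show what a genuine RFI precondition looks like (attacker-controlled prefix plus allow_url_include=On); neither holds for the snippet quoted in the message.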