[VIM] Pluck 4.6.2 (langpref) Local File Inclusion Vulnerabilities

Steven M. Christey coley at linus.mitre.org
Mon May 18 19:52:51 UTC 2009

On Mon, 18 May 2009, str0ke wrote:

> There isn't a data directory in the same folder as the vulnerable
> scripts.  So it will error in inclusion on most of the lines except the
> 3rd one if register globals = on.

... which means they fall through and $langpref is set externally, right?
I forgot about that little feature.

My kingdom for a cheat sheet to remind us of all these different PHP
oddities :-)  (we've got a limited one for CVE)

While I'm sharing - add show_source and highlight_file to your list of
dangerous LFI functions.  These are intended to perform syntax
highlighting of PHP program files, but they let regular files through just
fine.  CVE-2009-1653 / MILW0RM:8667 has this.  Does anybody know of any
earlier vulnerability report of this function?

- Steve
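
An added example, not part of the original message: a lexical audit pass in Python that flags PHP file-inclusion sinks, including `show_source` and `highlight_file`, whose argument contains a variable, and labels where that variable could come from. The `audit` function, the origin labels, and the PHP sample are constructed for illustration and are not Pluck code; only `$langpref` is taken from the thread.

```python
import re

# PHP constructs that read or execute a file named by their argument.
# show_source and highlight_file are the two the message adds to the list.
SINKS = ("include", "include_once", "require", "require_once",
         "show_source", "highlight_file")
SUPERGLOBALS = {"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}

# Sink name (not a variable, method or longer identifier), then its argument
# up to the terminating semicolon. Purely lexical: comments are not stripped.
SINK_RE = re.compile(
    r"(?<![\w$>])(" + "|".join(sorted(SINKS, key=len, reverse=True))
    + r")\b\s*\(?\s*([^;]*);", re.IGNORECASE)
VAR_RE = re.compile(r"\$\w+")

# Constructed sample input (not Pluck source).
SAMPLE = '''<?php
include("data/settings.php");
include "lang/" . $langpref;
$page = "about.php";
require_once("pages/" . $page);
show_source($_GET["file"]);
highlight_file("example.php");
'''

def audit(source):
    """Return (line, sink, variable, origin) for each variable in a sink argument.

    origin is a heuristic label (assumption of this example):
      request    - a request superglobal is used directly
      unassigned - no assignment earlier in this file; an include that was
                   meant to set it may fail, so with register_globals on the
                   value can come from the request
      assigned   - assigned earlier in this file; trace the value by hand
    """
    findings = []
    for m in SINK_RE.finditer(source):
        before = source[:m.start()]
        for var in VAR_RE.findall(m.group(2)):
            if var in SUPERGLOBALS:
                origin = "request"
            elif re.search(re.escape(var) + r"\b\s*=(?!=)", before):
                origin = "assigned"
            else:
                origin = "unassigned"
            findings.append((before.count("\n") + 1, m.group(1).lower(), var, origin))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Sinks called with only a string literal are not reported, and an earlier `include` of a settings file is deliberately not counted as an assignment, since that include may fail at runtime.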

