[VIM] Pluck 4.6.2 (langpref) Local File Inclusion Vulnerabilities
str0ke
str0ke at milw0rm.com
Mon May 18 20:36:56 UTC 2009
Steven M. Christey wrote:
> While I'm sharing - add show_source and highlight_file to your list of
> dangerous LFI functions. These are intended to perform syntax
> highlighting of PHP program files, but they let regular files through just
> fine. CVE-2009-1653 / MILW0RM:8667 has this. Does anybody know of any
> earlier vulnerability report of this function?
>
> - Steve
>
Not sure on show_source but the highlight_file function listed in 2008.
http://milw0rm.com/exploits/5394
http://milw0rm.com/exploits/5420
More information about the VIM
mailing list