[VIM] old PHP issues

ascii ascii at katamail.com
Fri Jul 9 01:36:35 CDT 2010

On 07/09/2010 01:32 AM, security curmudgeon wrote:
> Digging through old links to sort, found this again:
> http://www.cr0w.ru/2009/03/self-contained-file-include-in-php-520.html
> Would these be implementation specific, or flaws in PHP itself?

It's a feature of PHP, known and exploited from many years, well before

PHP file functions support different URI handlers, that's why RFI over
HTTP was so common in the first place (forgetting about absolutely ugly
and vulnerable PHP code written by first time developers).

Have a nice day,
Francesco `ascii` Ongaro

More information about the VIM mailing list