[VIM] Slooze PHP Web Photo Album v0.2.7 Command Execution Vulnerability

George A. Theall theall at tenablesecurity.com
Mon May 10 18:14:46 UTC 2010


Exploit DB 12515 / Bugtraq 39948 looks bogus to me. Sn!pEr.S!Te  
hacker's advisory has this:

   system('del "' . $this->cachePath . $file . '"');   /* Windows platforms */

   line :1003

Yet if you look at the actual code, either linked in via the Exploit  
DB advisory or in version 0.2.7 from SourceForge directly, here's what  
you find around that line:

     /* private: clear the cache */
     function cacheClear() {
       if ($handle = opendir($this->cachePath)) {
         while ($file = readdir($handle)) {
           /* if is cache file */
           if(ereg('.+\.tmp$', $file)) {
             unlink($this->cachePath . $file);
   //        system('del "' . $this->cachePath . $file . '"');   /* Windows platforms */
           }
         }
         closedir($handle);
       }
     }

Looking at the larger snippet, it doesn't look exploitable as Sn!pEr.S!Te
hacker suggests, does it?


George
-- 
theall at tenablesecurity.com
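
Added example, not part of the original post and not Slooze or advisory code: a mechanical version of the check made above, using PHP's own lexer (`token_get_all`) to tell a live `system()` call from one that only appears inside a comment. `liveCalls` is a hypothetical helper name, and the second input is a constructed variant of the quoted function with the line uncommented.

```php
<?php
// Added triage example (not Slooze or advisory code): list the lines where
// $func is called in live code. PHP's lexer keeps comments and strings apart.
function liveCalls(string $source, string $func): array
{
    // Keep significant tokens only; comment text can never match below.
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)
    ));
    $lines = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || $t[0] !== T_STRING || strcasecmp($t[1], $func) !== 0) {
            continue;
        }
        $prev = $tokens[$i - 1] ?? null;
        $prevId = is_array($prev) ? $prev[0] : null;
        // $x->system(), X::system() and "function system(" are not the builtin.
        $other = in_array($prevId, [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true);
        if (!$other && ($tokens[$i + 1] ?? null) === '(') {
            $lines[] = $t[2];
        }
    }
    return $lines;
}

// cacheClear() as quoted in the post (re-indented), with an open tag so it lexes.
$shipped = <<<'PHP'
<?php
function cacheClear() {
  if ($handle = opendir($this->cachePath)) {
    while ($file = readdir($handle)) {
      if (ereg('.+\.tmp$', $file)) {
        unlink($this->cachePath . $file);
//      system('del "' . $this->cachePath . $file . '"');   /* Windows platforms */
      }
    }
    closedir($handle);
  }
}
PHP;
// Constructed variant with the commented-out line made live, for contrast.
$variant = str_replace('//      system(', '        system(', $shipped);
foreach (['shipped snippet' => $shipped, 'constructed variant' => $variant] as $name => $src) {
    $hits = liveCalls($src, 'system');
    echo $name, ': ', $hits ? 'live system() on line ' . implode(', ', $hits) : 'no live system() call', "\n";
}
```

The line numbers reported are relative to the string passed in, so run it over the full file from the release when checking an advisory's cited line.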




