Re: Vanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.
>From Mark O'Sullivan, on http://lussumo.com/community/:
"Here is the code in question:
$WorkingDirectory = str_replace('\\', '/', getcwd()).'/';
$RootDirectory = str_replace('setup/', '', $WorkingDirectory);
// ...
// Include the old settings file if it is present (it just contains constants)
if (file_exists($RootDirectory.'conf/old_settings.php')) {
include($RootDirectory.'conf/old_settings.php');
As you can see, there is NO vulnerability. The variable used in the path is
defined a few lines above the code from the original report, and is defined
using PHP's getcwd(); function. There is absolutely NO user-input that could
cause the vulnerability suggested, and the "proof of concept" provided cannot
possibly work."