Bugtraq mailing list archives
Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability
From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Sat, 19 Aug 2006 00:51:51 +0200
Hi, crackers_child () sibersavascilar com schrieb am Fri, 18 Aug 2006 09:46:12 +0000:
Title : Joomla Rssxt <= 1.0 Remote File Include Vulnerability
First: There ist no pinger.php or RPC.php in V 1.0. But they are in 2.0 Beta 1. So maybe you reportet the wrong version.
------------------------------------------- Bug in pinger.php require("../../configuration.php"); require("../../classes/mambo.php"); require("../../includes/sef.php"); require("$mosConfig_absolute_path/administrator/components/com_rssxt/ class.rssxt.php");
$mosConfig_absolute_path is set in configuration.php. If it is not manipulated in classes/mambo.php or includes/sef.php there ist no way to change it. Surely not in pinger.php.
in RPC.php require("../../configuration.php"); ...
Same as above.
rssxt.php include($mosConfig_absolute_path."/components/com_rssxt/includes/ feedcreator.class.php"); require_once( $mosConfig_absolute_path."/administrator/components/ com_rssxt/class.rssxt.php");
rssxt.php checks for direct calls, if you call it direct you got a 'die', but no code-execution oder file inclusion. No file inclusion at all. Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>
Current thread:
- Joomla Rssxt <= 1.0 Remote File Include Vulnerability crackers_child (Aug 18)
- Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability Carsten Eilers (Aug 22)