Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability

From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Sat, 19 Aug 2006 00:51:51 +0200
Hi,

crackers_child () sibersavascilar com schrieb am Fri, 18 Aug 2006 09:46:12 +0000:


Title : Joomla Rssxt <= 1.0 Remote File Include Vulnerability


First: There ist no pinger.php or RPC.php in V 1.0.
But they are in 2.0 Beta 1.
So maybe you reportet the wrong version.


-------------------------------------------

Bug 


in pinger.php


require("../../configuration.php");

require("../../classes/mambo.php");

require("../../includes/sef.php");

require("$mosConfig_absolute_path/administrator/components/com_rssxt/
class.rssxt.php");


$mosConfig_absolute_path is set in configuration.php.
If it is not manipulated in classes/mambo.php or
includes/sef.php there ist no way to change it.
Surely not in pinger.php.


in RPC.php


require("../../configuration.php");

...

Same as above.


rssxt.php 


include($mosConfig_absolute_path."/components/com_rssxt/includes/
feedcreator.class.php");

require_once( $mosConfig_absolute_path."/administrator/components/
com_rssxt/class.rssxt.php"); 


rssxt.php checks for direct calls, if you call it
direct you got a 'die', but no code-execution oder
file inclusion.

No file inclusion at all.

Regards
  Carsten

-- 
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz

<http://www.ceilers-it.de>
Previous By Date Next
Previous By Thread Next

Current thread: