Re: Mambo Component - EstateAgent Remote File Inclusion

["Carsten Eilers" <ceilers-lists () gmx de>]

Hi,

Outlaw () aria-security net schrieb am Sun, 20 Aug 2006 02:02:16 +0000:

Ay you wrote yourself:

> # Don't allow direct linking
>
>  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not
> allowed.' );

This kills the script I you try a direct access, so there
is no manipulation of variables possible.
                                                                                          
> #Proof of Concept:                                                                       
>
> #
>
> #www.site.com/com_estateagent/estateagent.php?mosConfig_absolute_path=shell

Dies imediately without any code-execution after the
defined-line above.
    
> #Solutions : 
>
> #1 - If you have access on webserver turn register_globals in php.ini off
>
> #2 - You must give a value before put the value of variable in the
> include function or check and filter 

You forgot

#3 - Check variable in other script and let this script die
     after direct access.

Oh, #3 is always implemented... ;-)

Regards
  Carsten

-- 
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz

<http://www.ceilers-it.de>