Bugtraq mailing list archives
Re: Mambo Component - EstateAgent Remote File Inclusion
From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Thu, 24 Aug 2006 00:51:34 +0200
Hi,

Outlaw () aria-security net wrote on Sun, 20 Aug 2006 02:02:16 +0000:

As you wrote yourself:

> # Don't allow direct linking
> defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

This kills the script if you try a direct access, so no manipulation of variables is possible.

> #Proof of Concept:
> #
> #www.site.com/com_estateagent/estateagent.php?mosConfig_absolute_path=shell

Dies immediately, without any code execution, at the defined-line above.

> #Solutions :
> #1 - If you have access to the webserver, turn register_globals off in php.ini
> #2 - You must give the variable a value before putting it into the include function, or check and filter it

You forgot #3 - Check the variable in the other script and let this script die on direct access.

Oh, #3 is always implemented... ;-)

Regards
Carsten

-- 
Dipl.-Inform. Carsten Eilers
IT Security and Data Protection
<http://www.ceilers-it.de>
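The following PHP script is an added illustration of the point made in the reply; it is not the EstateAgent component's code and not part of the original thread. It emulates register_globals (the setting is gone since PHP 5.4) so that the PoC query string lands in $mosConfig_absolute_path, then runs the quoted guard: on direct access the script dies before any include is reached; only when a simulated index.php has defined _VALID_MOS and set the configured path does execution continue. The file name, the attacker URL, the configured path and the simplified model of how index.php loads a component are assumptions for the demo.

```php
<?php
// demo_guard.php (hypothetical name; added illustration, not the component's code).
//
// Run:  php demo_guard.php direct      -> the guard kills the script
//       php demo_guard.php framework   -> simulated load through index.php
$mode = $argv[1] ?? 'direct';

// Constructed attacker request, mirroring the PoC's query string.
$_GET = ['mosConfig_absolute_path' => 'http://attacker.example/shell'];

// Emulate register_globals (removed in PHP 5.4): every request parameter
// becomes a variable in the global scope. This is what would let the query
// string overwrite $mosConfig_absolute_path, and it is the php.ini setting
// the advisory says to turn off (solution #1).
foreach ($_GET as $name => $value) {
    $$name = $value;
}

if ($mode === 'framework') {
    // Simplified model (assumption) of the framework entry point: index.php
    // defines _VALID_MOS and then loads configuration.php, which assigns the
    // real $mosConfig_absolute_path and so replaces the attacker's value.
    define('_VALID_MOS', 1);
    $mosConfig_absolute_path = '/var/www/mambo';   // assumed configured path
}

// ---- component script, modelled on the guard quoted in the reply ----

// Don't allow direct linking
defined('_VALID_MOS') or die("Direct Access to this location is not allowed.\n");

// Defence in depth in the spirit of solution #2 ("check and filter"), not
// taken from the component: a base path must never be a URL, so a remote
// include is refused even if the guard above were ever removed.
if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $mosConfig_absolute_path)) {
    die("mosConfig_absolute_path looks like a URL; refusing remote include.\n");
}

// The include path now comes only from configuration.php, never from the
// request. It is printed instead of included so the demo runs without Mambo.
$target = $mosConfig_absolute_path . '/components/com_estateagent/estateagent.class.php';
echo "would include: $target\n";
```

Running it with `direct` prints the guard's message and nothing else, which is the behaviour the reply describes; with `framework` it prints the path built from the configured value, showing that the attacker-supplied variable never reaches the include.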
Current thread:
- Mambo Component - EstateAgent Remote File Inclusion Outlaw (Aug 21)
- Re: Mambo Component - EstateAgent Remote File Inclusion Carsten Eilers (Aug 24)