Bugtraq mailing list archives
Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities
From: Joxean Koret <joxeankoret () yahoo es>
Date: Thu, 13 Jul 2006 21:13:02 +0200
Hello, El jue, 13-07-2006 a las 01:35 +0000, matdhule () gmail com escribió:
require_once( $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php' ); ------------------------------------------------------------ Variables $mosConfig_absolute_path are not properly sanitized. When register_globals=on and allow_fopenurl=on an attacker can exploit this vulnerability with a simple php injection script.
I think that even if allow_fopenurl is not on you can open remote files by using UNC style paths, such as \\mymachine\myresource\, of course, under Win32 environments. -- Zer gutxi balio duen langileen bizitza
Attachment:
signature.asc
Description: Esta parte del mensaje está firmada digitalmente
Current thread:
- [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities matdhule (Jul 13)
- Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities Joxean Koret (Jul 13)