Bugtraq mailing list archives
Re: Joomla J! Reactions Component Remote File include Bug
From: software () sdecnet com
Date: 18 Aug 2007 08:23:16 -0000
The entire langset.php file should be changed to: <?php defined( '_VALID_MOS' ) or die( 'Direct access is prohibited.' ); global $mosConfig_lang; if (file_exists("$comPath/custom/".$mosConfig_lang.".php")) { include("$comPath/custom/".$mosConfig_lang.".php"); } else { require("$comPath/custom/english.php"); } ?> The spam expolit occurs because the original file does not test VALID_MOS. This vulnerability exists in build 1.8.1 and earlier.
Current thread:
- Joomla J! Reactions Component Remote File include Bug yollubunlar (Aug 04)
- <Possible follow-ups>
- Re: Joomla J! Reactions Component Remote File include Bug software (Aug 20)
- Re: Re: Joomla J! Reactions Component Remote File include Bug yollubunlar (Aug 21)