Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities
From: Joxean Koret <joxeankoret () yahoo es>
Date: Thu, 13 Jul 2006 21:13:02 +0200


El jue, 13-07-2006 a las 01:35 +0000, matdhule () gmail com escribió:

require_once( $mosConfig_absolute_path .
'/includes/domit/xml_domit_lite_include.php' );


Variables $mosConfig_absolute_path are not properly sanitized. When
and allow_fopenurl=on an attacker can exploit this vulnerability with
simple php injection script.

I think that even if allow_fopenurl is not on you can open remote files
by using UNC style paths, such as \\mymachine\myresource\, of course,
under Win32 environments.

Zer gutxi balio duen langileen bizitza

Attachment: signature.asc
Description: Esta parte del mensaje est√° firmada digitalmente

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]