BugTraq
Joomla Rssxt <= 1.0 Remote File Include Vulnerability Aug 18 2006 09:46AM
crackers_child sibersavascilar com (1 replies)
Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability Aug 18 2006 10:51PM
Carsten Eilers (ceilers-lists gmx de)
Hi,

crackers_child (at) sibersavascilar (dot) com [email concealed] schrieb am Fri, 18 Aug 2006 09:46:12 +0000:

>Title : Joomla Rssxt <= 1.0 Remote File Include Vulnerability

First: There ist no pinger.php or RPC.php in V 1.0.
But they are in 2.0 Beta 1.
So maybe you reportet the wrong version.

>-------------------------------------------
>
>Bug
>
>
>in pinger.php
>
>
>require("../../configuration.php");
>
>require("../../classes/mambo.php");
>
>require("../../includes/sef.php");
>
>require("$mosConfig_absolute_path/administrator/components/com_rssxt/
>class.rssxt.php");

$mosConfig_absolute_path is set in configuration.php.
If it is not manipulated in classes/mambo.php or
includes/sef.php there ist no way to change it.
Surely not in pinger.php.

>in RPC.php
>
>
>require("../../configuration.php");
>
> ...
Same as above.

>rssxt.php
>
>
>include($mosConfig_absolute_path."/components/com_rssxt/includes/
>feedcreator.class.php");
>
>require_once( $mosConfig_absolute_path."/administrator/components/
>com_rssxt/class.rssxt.php");

rssxt.php checks for direct calls, if you call it
direct you got a 'die', but no code-execution oder
file inclusion.

No file inclusion at all.

Regards
Carsten

--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz

<http://www.ceilers-it.de>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus