Re: Re: Mambo Open Source, Path disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Mambo Open Source, Path disclosure
From: trueend5@xxxxxxxxx
Date: 6 Nov 2005 14:32:05 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

You are right 
mamboserver soloution is available now:
The fix is easy,

in /component/com_content/content.php
Approx Line 190 Change the block FROM:


Code:
// Paramters
        $params = new stdClass();
        if ( $Itemid ) {
                $menu = new mosMenu( $database );
                $menu->load( $Itemid );
                $params =& new mosParameters( $menu->params );
        } else {
                $menu = "";
                $params =& new mosEmpty();

        }

CHANGE TO READ:

Code:
// Paramters
        $params = new stdClass();
        if ( $Itemid ) {
                $menu = new mosMenu( $database );
                $menu->load( $Itemid );
                $params =& new mosParameters( $menu->params );
        } else {
                $menu = "";
                $params =& new mosParameters(''); //mosEmpty();

        }
best regards
Alireza Hassani
Security Science Researchers Institute Of Iran
[http://www.KAPDA.ir]

Prev by Date: [ GLSA 200511-06 ] fetchmail: Password exposure in fetchmailconf
Next by Date: Re: [Full-disclosure] Re: readdir_r considered harmful
Previous by thread: Re: Mambo Open Source, Path disclosure
Next by thread: Buffer-overflow in GO-Global for Windows 3.1.0.3270
Index(es):
- Date
- Thread