<<< Date Index >>>     <<< Thread Index >>>

Re: [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities



Hello,

El jue, 13-07-2006 a las 01:35 +0000, matdhule@xxxxxxxxx escribió:
> 
> require_once( $mosConfig_absolute_path .
> '/includes/domit/xml_domit_lite_include.php' );
> 
> ------------------------------------------------------------
> 
> Variables $mosConfig_absolute_path are not properly sanitized. When
> register_globals=on
> and allow_fopenurl=on an attacker can exploit this vulnerability with
> a
> simple php injection script.

I think that even if allow_fopenurl is not on you can open remote files
by using UNC style paths, such as \\mymachine\myresource\, of course,
under Win32 environments.

-- 
Zer gutxi balio duen langileen bizitza

Attachment: signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente