<<< Date Index >>>     <<< Thread Index >>>

Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability



Hi,

crackers_child@xxxxxxxxxxxxxxxxxxx schrieb am Fri, 18 Aug 2006 09:46:12 +0000:

>Title : Joomla Rssxt <= 1.0 Remote File Include Vulnerability

First: There ist no pinger.php or RPC.php in V 1.0.
But they are in 2.0 Beta 1.
So maybe you reportet the wrong version.

>-------------------------------------------
>
>Bug 
>
>
>in pinger.php
>
>
>require("../../configuration.php");
>
>require("../../classes/mambo.php");
>
>require("../../includes/sef.php");
>
>require("$mosConfig_absolute_path/administrator/components/com_rssxt/
>class.rssxt.php");

$mosConfig_absolute_path is set in configuration.php.
If it is not manipulated in classes/mambo.php or
includes/sef.php there ist no way to change it.
Surely not in pinger.php.

>in RPC.php
>
>
>require("../../configuration.php");
>
> ...
Same as above.

>rssxt.php 
>
>
>include($mosConfig_absolute_path."/components/com_rssxt/includes/
>feedcreator.class.php");
>
>require_once( $mosConfig_absolute_path."/administrator/components/
>com_rssxt/class.rssxt.php"); 

rssxt.php checks for direct calls, if you call it
direct you got a 'die', but no code-execution oder
file inclusion.

No file inclusion at all.

Regards
  Carsten

-- 
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz

<http://www.ceilers-it.de>