Hi,
crackers_child (at) sibersavascilar (dot) com [email concealed] wrote on Fri, 18 Aug 2006 09:46:12 +0000:
>Title : Joomla Rssxt <= 1.0 Remote File Include Vulnerability
First: There is no pinger.php or RPC.php in V 1.0.
But they are in 2.0 Beta 1.
So maybe you reported the wrong version.
>-------------------------------------------
>
>Bug
>
>
>in pinger.php
>
>
>require("../../configuration.php");
>
>require("../../classes/mambo.php");
>
>require("../../includes/sef.php");
>
>require("$mosConfig_absolute_path/administrator/components/com_rssxt/
>class.rssxt.php");
$mosConfig_absolute_path is set in configuration.php.
If it is not manipulated in classes/mambo.php or
includes/sef.php there is no way to change it.
Surely not in pinger.php.
>in RPC.php
>
>
>require("../../configuration.php");
>
> ...
Same as above.
>rssxt.php
>
>
>include($mosConfig_absolute_path."/components/com_rssxt/includes/
>feedcreator.class.php");
>
>require_once( $mosConfig_absolute_path."/administrator/components/
>com_rssxt/class.rssxt.php");
rssxt.php checks for direct calls; if you call it
directly you get a 'die', but no code execution or
file inclusion.
No file inclusion at all.
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT Security and Data Protection
<http://www.ceilers-it.de>
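Added example, not part of the thread or of the Rssxt component: a small Python helper that applies the reasoning in the reply above when auditing a PHP file, flagging a dynamic include only when its path variable is neither assigned earlier in the file nor supplied by an earlier static include of configuration.php. The two PHP samples are constructed from the quoted snippets (the second is a hypothetical reordering, not code from the component).

```python
import re

# Files the thread says define the path variable before it is used.
DEFINERS = {"configuration.php": {"mosConfig_absolute_path"}}

# Constructed sample modelled on the quoted pinger.php: configuration.php is
# required before the dynamic require, so the variable cannot come from the request.
PINGER_PHP = '''<?php
require("../../configuration.php");
require("../../classes/mambo.php");
require("../../includes/sef.php");
require("$mosConfig_absolute_path/administrator/components/com_rssxt/class.rssxt.php");
'''

# Hypothetical bad ordering (not from the component): the dynamic require runs
# before anything defines the variable, which is the pattern that would matter
# with register_globals enabled.
BAD_PHP = '''<?php
require("$mosConfig_absolute_path/administrator/components/com_rssxt/class.rssxt.php");
require("../../configuration.php");
'''

STMT_RE = re.compile(r'\b(require|include)(?:_once)?\s*\(?\s*(.*?)\)?\s*;', re.S)
VAR_RE = re.compile(r'\$(\w+)')
ASSIGN_RE = re.compile(r'\$(\w+)\s*=(?!=)')   # "$x = ..." but not "$x == ..."

def audit_includes(src):
    """Return [(statement, [unresolved variables])] for include/require
    statements whose path uses a variable that is not defined before use.
    An empty list means every dynamic include is resolved the way the
    reply describes."""
    findings = []
    defined = set()
    for m in STMT_RE.finditer(src):
        before = src[:m.start()]
        arg = m.group(2)
        # Variables assigned directly in this file ahead of the statement.
        defined |= {a.group(1) for a in ASSIGN_RE.finditer(before)}
        used = set(VAR_RE.findall(arg))
        unresolved = used - defined
        if unresolved:
            findings.append((m.group(0).strip(), sorted(unresolved)))
        # A static include of a known definer file supplies its variables
        # for every statement that follows it.
        if not used:
            for fname, provided in DEFINERS.items():
                if arg.strip("\"' ").endswith(fname):
                    defined |= provided
    return findings
```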