On Sun, 2006-08-20 at 01:55 +0000, Outlaw (at) aria-security (dot) net [email concealed] wrote:
> ########################################################################
###################
> # Aria-Security.net Advisory #
> # Discovered by: O.U.T.L.A.W #
>
> # < www.Aria-security.net > #
> # Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #
> # #
> ########################################################################
###################
>
>
> #Software: Mambo Components ContXTD
> #Attack method: Remote File Inclusion
> #Source:
>
> ** ensure this file is being included by a parent file */
> defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
>
> include_once( $mosConfig_absolute_path .'/includes/vcard.class.php' );
The "defined( '_VALID_MOS' ) or die" you quoted is there to prevent
this. You can't define that constant from POST or GET.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum