Hosting Provided By

Re: Joomla J! Reactions Component Remote File include Bug

From: <software(at)sdecnet.com>
Date: Sat Aug 18 2007 - 04:23:16 EDT

The entire langset.php file should be changed to:

<?php defined( '_VALID_MOS' ) or die( 'Direct access is prohibited.' ); global $mosConfig_lang;
if (file_exists("$comPath/custom/".$mosConfig_lang.".php")) {

include("$comPath/custom/".$mosConfig_lang.".php"); } else {

require("$comPath/custom/english.php");
} ?>

The spam expolit occurs because the original file does not test VALID_MOS. This vulnerability exists in build 1.8.1 and earlier. Received on Mon Aug 20 13:54:13 2007

This message: [ Message body ]
Next message: Reversemode: "[Reversemode Advisory] CheckPoint ZoneLabs Vsdatant.sys multiple local privilege escalation vulnerabilities"
Previous message: security(at)mandriva.com: "[ MDKSA-2007:167 ] - Updated libvorbis packages fix vulnerabilities"
Maybe in reply to: yollubunlar(at)hotmail.com: "Joomla J! Reactions Component Remote File include Bug"
Next in thread: yollubunlar(at)yollubunlar.org: "Re: Re: Joomla J! Reactions Component Remote File include Bug"
Maybe reply: yollubunlar(at)yollubunlar.org: "Re: Re: Joomla J! Reactions Component Remote File include Bug"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:12:44 EDT