[VIM] Confirm - Mambo 4.5.1 Modules Flatmenu <= 1.07 Remote File Include Exploit

George A. Theall theall at tenablesecurity.com
Mon Mar 26 11:31:04 UTC 2007


Like I said before, I'm suspicious of these sort of flaws in Mambo / 
Joomla so I installed the software and took a look. Sure enough, the 
flaw does exist. In modules/mod_flatmenu.php of 1.0 (beta) Build 07 for 
Version 4.5.1, the first line of PHP code is:

   require_once( 
"$mosConfig_absolute_path/modules/mod_flatmenu.class.php" );

So, if register_globals is enabled, you have a vector for remote file 
include attacks.


George
-- 
theall at tenablesecurity.com


More information about the VIM mailing list