[VIM] Joomla Flash Image Gallery Component RFI Vulnerability
str0ke
str0ke at milw0rm.com
Tue Oct 9 02:37:07 UTC 2007
This has been changed on my end, good catch.
/str0ke
George A. Theall wrote:
> The affected parameter in Milw0rm 4496 is wrong -- it should be
> 'mosConfig_live_site' rather than 'mosConfig_absolute_path'. The
> affected file in at least version 1.0 of the component is:
>
> ----- snip, snip, snip -----
> <?php
> include( "$mosConfig_live_site/components/com_wmtgallery/about.html" );
> ?>
> ----- snip, snip, snip -----
>
> Bugtraq 25958 appears to have the same problem with the
> proof-of-concept they provide.
>
>
> George
More information about the VIM
mailing list