[VIM] bad report for EstateAgent?
Steven M. Christey
coley at mitre.org
Wed Aug 23 19:53:26 EDT 2006
BUGTRAQ:20060820 Mambo Component - EstateAgent Remote File Inclusion
URL:http://www.securityfocus.com/archive/1/archive/1/443911/100/0/threaded
Outlaw from Aria Security includes the following source code extract:
># Don't allow direct linking
>
>defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
>
>require_once( $mainframe->getPath( 'front_html' ) );
>
>require($mosConfig_absolute_path."/administrator/components/com_estateagent/configuration.php");
Um - isn't this the recommended fix that Mambo told all component
developers to use? I don't have that URL on me at the moment.
Anyway, I can't get any source code to check - I couldn't find it on
the site after a cursory look - but I'm not sure this report is
correct, based on the above.
- Steve
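
A triage check for the question raised in this post, added here as an example and not part of the original message or of EstateAgent: it reports any include/require with a variable path that appears before a `_VALID_MOS` guard. The function names, the regexes and the guard-less variant are constructed for illustration, and the check is a text heuristic that does not parse PHP or follow control flow.

```python
import re

# Guard idiom from the quoted extract: defined('_VALID_MOS') or die(...)
GUARD = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)
# include/require statement whose argument contains a PHP variable
INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\b\s*\(?\s*([^;]*\$[^;]*);", re.I)
# Heuristic: also matches '#' or '//' inside string literals
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)


def strip_comments(src):
    """Blank out comments but keep newlines so line numbers stay valid."""
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)


def unguarded_includes(src):
    """Return (line, argument) for variable includes placed before the guard."""
    code = strip_comments(src)
    guard = GUARD.search(code)
    guard_pos = guard.start() if guard else len(code)  # no guard: flag all
    findings = []
    for m in INCLUDE.finditer(code):
        if m.start() < guard_pos:
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1).strip()))
    return findings


# The extract quoted in the post, with the e-mail line wraps rejoined.
QUOTED = """# Don't allow direct linking
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
require_once( $mainframe->getPath( 'front_html' ) );
require($mosConfig_absolute_path."/administrator/components/com_estateagent/configuration.php");
"""

# Constructed variant: the same lines with the guard removed.
UNGUARDED = "\n".join(l for l in QUOTED.splitlines() if "_VALID_MOS" not in l)

if __name__ == "__main__":
    for name, src in (("quoted extract", QUOTED), ("guard removed", UNGUARDED)):
        hits = unguarded_includes(src)
        print(name, "->", hits if hits else "no include before the guard")
```
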