[VIM] bad report for EstateAgent?

Steven M. Christey coley at mitre.org
Wed Aug 23 19:53:26 EDT 2006


BUGTRAQ:20060820 Mambo Component - EstateAgent Remote File Inclusion
URL:http://www.securityfocus.com/archive/1/archive/1/443911/100/0/threaded


Outlaw from Aria Security includes the following source code extract:

># Don't allow direct linking
>
>defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
>
>require_once( $mainframe->getPath( 'front_html' ) );
>
>require($mosConfig_absolute_path."/administrator/components/com_estateagent/configuration.php");


Um - isn't this the recommended fix that Mambo told all component
developers to use?  I don't have that URL on me at the moment.

Anyway, I can't get any source code to check - I couldn't find it on
the site after a cursory look - but I'm not sure this report is
correct, based on the above.

- Steve
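
An added example, not part of the original message and not Mambo or EstateAgent code: a small Python triage check for the question raised above, namely whether the `_VALID_MOS` guard comes before every include whose path is built from a variable. The function name, the regexes and the `com_example` sample are assumptions constructed here.

```python
import re

# Guard quoted in the message: stops the script when requested directly.
GUARD = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)
# include/require statement whose path expression contains a PHP variable.
DYNAMIC_INCLUDE = re.compile(
    r"\b(?:require|include)(?:_once)?\b[^;]*\$\w+[^;]*;", re.I)
# Naive comment stripper (assumption: no '#', '//' or '/*' inside string literals).
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)


def unguarded_includes(php_source):
    """Return variable-path includes that appear before the _VALID_MOS guard.

    Textual order only: a guard nested inside a function or branch is still
    counted as present, so a clean result is a hint, not proof.
    """
    code = COMMENTS.sub("", php_source)
    guard = GUARD.search(code)
    cutoff = guard.start() if guard else len(code)
    return [m.group(0).strip() for m in DYNAMIC_INCLUDE.finditer(code)
            if m.start() < cutoff]


# The extract quoted in the message, with the e-mail line wraps joined.
QUOTED_EXTRACT = r"""
# Don't allow direct linking
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
require_once( $mainframe->getPath( 'front_html' ) );
require($mosConfig_absolute_path."/administrator/components/com_estateagent/configuration.php");
"""

# Constructed counter-example (hypothetical com_example): same include, no guard.
NO_GUARD = r"""
require($mosConfig_absolute_path."/administrator/components/com_example/configuration.php");
"""

if __name__ == "__main__":
    for name, src in (("quoted extract", QUOTED_EXTRACT), ("no guard", NO_GUARD)):
        hits = unguarded_includes(src)
        print(name, "->", hits or "guard precedes every variable-path include")
```

The check covers only the lines it is given; it says nothing about other files in the component that the extract does not show.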

