[VIM] bad report for EstateAgent?

security curmudgeon jericho at attrition.org
Wed Aug 23 20:04:54 EDT 2006

: BUGTRAQ:20060820 Mambo Component - EstateAgent Remote File Inclusion
: URL:http://www.securityfocus.com/archive/1/archive/1/443911/100/0/threaded
: Outlaw from Aria Security includes the following source code extract:
: ># Don't allow direct linking
: >
: >defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not
: >allowed.' );
: >
: >require_once( $mainframe->getPath( 'front_html' ) );
: >
: >require($mosConfig_absolute_path."/administrator/components/com_estateag
: >ent/configuration.php");
: Um - isn't this the recommended fix that Mambo told all component
: developers to use?  I don't have that URL on me at the moment.
: Anyway, I can't get any source code to check - I couldn't find it on
: the site after a cursory look - but I'm not sure this report is
: correct, based on the above.

Without looking, there is a high probability. Check out the recent rash 
of Mambo/Joomla related vulns:


Specifically, several from this person were found to be inaccurate, so 
seeing this turn up wrong wouldn't be a shock.

More information about the VIM mailing list