[VIM] bad report for EstateAgent?
Ferdy Riphagen
f.riphagen at nsec.nl
Thu Aug 24 12:54:19 EDT 2006
security curmudgeon wrote:
> : BUGTRAQ:20060820 Mambo Component - EstateAgent Remote File Inclusion
> : URL:http://www.securityfocus.com/archive/1/archive/1/443911/100/0/threaded
>
> http://osvdb.org/blog/?p=132
>
>
Another one (almost the same) from the osvdb blog list
http://seclists.org/bugtraq/2006/Aug/0376.html
I Could only find version 1.0 dated 22-04-2005 (version info would be nice)
http://mamboxchange.com/frs/?group_id=704&release_id=3974
Source is:
*snip*
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not
allowed.' );
global $my, $mosConfig_live_site, $mosConfig_lang;
if
(file_exists($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php'))
{
include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php');
} else {
include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/english.php');
}
*snip*
-- Ferdy
More information about the VIM
mailing list