[VIM] False: JEvents1.4.1 For Joomla Remote File Include Vulnerability

str0ke str0ke at milw0rm.com
Fri Jun 8 18:12:03 UTC 2007


Yep, you're right, removing 4048.  My mind must have been playing tricks on me.

/str0ke

On 6/8/07, str0ke <str0ke at milw0rm.com> wrote:
> Wow, that's strange.  Redownloaded the tar and that's not what I saw
> before.  Rechecking.
>
> /str0ke
>
> On 6/8/07, George A. Theall <theall at tenablesecurity.com> wrote:
> > Milw0rm 4048 seems bogus to me. I grabbed the code from
> > http://joomlacode.org/gf/download/frsrelease/502/11101/com_events_1.4.1.zip,
> > which Blu3H47 claims is affected. The affected file starts:
> >
> >                        ---- snip, snip, snip ----
> > <?php
> > /**
> >   * Events Component for Joomla 1.0.x
> >   *
> >   * @version     $Id: comutils.php 295 2006-12-06 09:20:53Z geraint $
> >   * @package     Events
> >   * @copyright   Copyright (C) 2006 JEvents Project Group
> >   * @licence     http://www.gnu.org/copyleft/gpl.html
> >   * @link        http://forge.joomla.org/sf/projects/jevents
> >   */
> >
> > /*
> >   loads all required classes and file to support Events Component (Frontend)
> > */
> >
> > global $mainframe;
> >
> > // first load config class
> > require_once(mosMainFrame::getBasePath('admin') .
> > 'components/com_events/lib/config.php');
> >
> >                        ---- snip, snip, snip ----
> >
> > Notice the version info here is the same as what Blu3H47 reports, but the
> > require_once() function cannot be abused by an attacker. The date on
> > 'includes/comutils.php' in the ZIP file is 12-06-06 so it doesn't seem
> > like the case of a quick fix after the vuln was announced. So what gives?
> >
> >
> >
> > George
> > --
> > theall at tenablesecurity.com
> >
>


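The check George did by hand above (look at the include statement and ask whether its path root is something a request could influence) is easy to script when triaging a batch of claimed file-include advisories. The following Python helper is an added example and is not code from the thread, from JEvents or from milw0rm. It extracts every `include`/`require` statement from PHP source, classifies the first operand of the path expression (variable, string literal, function or static call, constant), and flags variable-led includes whose variable is not assigned earlier in the same file. The first sample is the real excerpt quoted in the thread; the other two samples, the variable name `$mosConfig_absolute_path` and the `$base` assignment are constructed for contrast and are not from the JEvents code.

```python
"""Triage helper for claimed PHP file-include issues (added example, not from the thread).

Classifies the root operand of each include/require path so a reviewer can see
at a glance whether it is a call, a literal, or a bare variable that needs review.
"""
import re
from typing import Dict, List

# Keyword, optional parenthesis, the argument expression up to the terminating ';'.
# Longest keywords first and a trailing \b so 'required' in a comment is not matched.
INCLUDE_RE = re.compile(
    r"\b(?P<kw>include_once|include|require_once|require)\b\s*\(?\s*"
    r"(?P<expr>[^;]+?)\s*\)?\s*;"
)
VAR_RE = re.compile(r"^\$[A-Za-z_]\w*")
LITERAL_RE = re.compile(r"^(['\"])(.*?)\1")
CALL_RE = re.compile(r"^(?P<name>[A-Za-z_]\w*)\s*(::|\()")
CONST_RE = re.compile(r"^[A-Z_][A-Z0-9_]*\b")

# Real excerpt quoted in the thread (JEvents 1.4.1, includes/comutils.php).
JEVENTS_EXCERPT = """
global $mainframe;

// first load config class
require_once(mosMainFrame::getBasePath('admin') .
'components/com_events/lib/config.php');
"""

# Constructed contrast: path root is a bare global that this file never assigns.
CONSTRUCTED_UNSET_VARIABLE = """
require_once($mosConfig_absolute_path . '/components/com_events/lib/config.php');
"""

# Constructed contrast: path root is a variable assigned locally before use.
CONSTRUCTED_ASSIGNED_VARIABLE = """
$base = dirname(__FILE__);
require_once($base . '/lib/config.php');
"""


def classify_root(expr: str) -> Dict[str, str]:
    """Return the kind and name of the first operand of an include path expression."""
    expr = expr.strip()
    m = VAR_RE.match(expr)
    if m:
        return {"kind": "variable", "root": m.group(0)}
    m = LITERAL_RE.match(expr)
    if m:
        return {"kind": "literal", "root": m.group(2)}
    m = CALL_RE.match(expr)
    if m:
        return {"kind": "call", "root": m.group("name")}
    m = CONST_RE.match(expr)
    if m:
        return {"kind": "constant", "root": m.group(0)}
    return {"kind": "unknown", "root": expr}


def assigned_earlier(text: str, var: str, before: int) -> bool:
    """True if `var` is assigned (single '=', not '==') somewhere before offset `before`."""
    pat = re.compile(re.escape(var) + r"\s*=(?!=)")
    return pat.search(text, 0, before) is not None


def audit_includes(php_source: str) -> List[Dict]:
    """List every include/require statement with a classification and a review flag."""
    findings = []
    for m in INCLUDE_RE.finditer(php_source):
        root = classify_root(m.group("expr"))
        flag = False
        reason = "path root is a call, literal or constant; not request-influenced"
        if root["kind"] == "variable":
            if assigned_earlier(php_source, root["root"], m.start()):
                reason = "variable assigned in this file before use; confirm the assignment does not derive from request input"
            else:
                flag = True
                reason = "variable is never assigned in this file before use; review (unset globals can be request-supplied when register_globals=On)"
        elif root["kind"] == "unknown":
            flag = True
            reason = "could not classify path root; review manually"
        findings.append({
            "statement": m.group("kw"),
            "expr": " ".join(m.group("expr").split()),  # collapse the line wrap
            "kind": root["kind"],
            "root": root["root"],
            "flag": flag,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for label, src in (("jevents", JEVENTS_EXCERPT),
                       ("unset-var", CONSTRUCTED_UNSET_VARIABLE),
                       ("assigned-var", CONSTRUCTED_ASSIGNED_VARIABLE)):
        for f in audit_includes(src):
            mark = "REVIEW" if f["flag"] else "ok    "
            print(f"{mark} [{label}] {f['statement']}({f['expr']}) -> {f['kind']} {f['root']}: {f['reason']}")
```

Run against the quoted excerpt, the only include resolves to a static call on `mosMainFrame`, which matches George's reading: nothing in the path expression comes from the request. The script is a first pass only; a flagged variable still needs a human to trace where it is set, and an unflagged call still needs a glance at what the called function returns.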