[VIM] Mambo Module uhp 0.3 (uhp_config.php) Remote File Inclusion Exploit
George A. Theall
theall at tenablesecurity.com
Fri Mar 23 21:18:58 UTC 2007
On 03/23/07 17:09, Steven M. Christey wrote:
>> After last summer's blitz, any remote file include issue published
>> nowadays and involving mosConfig_absolute_path raises suspicions in
>> my mind.
>
> Really? Hmmm. Since mosConfig_absolute_path is clearly associated
> with arbitrary third-party modules (like phpbb_home_path is for
> PHPBB), I'm not always going to be suspicious
I apologize - I was being sarcastic. It seemed like everybody and his
brother was testing Mambo modules for this flaw last summer and hence
unlikely that one was missed.
> which sure looks like legit RFI to me.
>
> And, as you said, sure looks the same as last year's. But this kind of
> rediscovery is not surprising.
I'm not denying the flaw exists, only expressing surprise it slipped by
SecurityFocus and especially str0ke.
George
--
theall at tenablesecurity.com