[VIM] bad report for EstateAgent?
jericho at attrition.org
Wed Aug 23 20:04:54 EDT 2006
: BUGTRAQ:20060820 Mambo Component - EstateAgent Remote File Inclusion
: Outlaw from Aria Security includes the following source code extract:
: ># Don't allow direct linking
: >defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not
: >allowed.' );
: >require_once( $mainframe->getPath( 'front_html' ) );
: Um - isn't this the recommended fix that Mambo told all component
: developers to use? I don't have that URL on me at the moment.
: Anyway, I can't get any source code to check - I couldn't find it on
: the site after a cursory look - but I'm not sure this report is
: correct, based on the above.
Without looking, there is a high probability. Check out the recent rash
of Mambo/Joomla related vulns:
Specifically, several from this person were found to be inaccurate, so
seeing this turn up wrong wouldn't be a shock.
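
One way to triage a report like this once the component source is available, as an added example that is not part of the original thread: the Python sketch below flags `include`/`require` statements that take a variable and records whether the `_VALID_MOS` guard quoted above appears earlier in the same file. The function names and the second sample are constructed for illustration; file order is a heuristic and does not prove the guard runs on every path.

```python
import re

# Direct-access guard as quoted in the thread: defined('_VALID_MOS') or die(...)
GUARD = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(or|\|\|)\s*(die|exit)\b", re.I)
# include/require (with or without _once) whose argument contains a PHP variable
INCLUDE = re.compile(r"\b(include|require)(_once)?\b\s*\(?[^;]*\$\w+[^;]*;", re.I)
# PHP comments; heuristic only, a '#' or '//' inside a string is also blanked
COMMENT = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)

def strip_comments(src):
    """Blank out comments but keep newlines so line numbers stay correct."""
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def triage(src):
    """Return (line, statement, guarded) for each variable-based include."""
    code = strip_comments(src)
    guard = GUARD.search(code)
    findings = []
    for m in INCLUDE.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        guarded = guard is not None and guard.start() < m.start()
        findings.append((line, m.group().strip(), guarded))
    return findings

# The extract quoted in the thread, with the e-mail quote markers removed.
QUOTED_EXTRACT = """# Don't allow direct linking
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not
allowed.' );
require_once( $mainframe->getPath( 'front_html' ) );
"""

# Constructed sample (hypothetical variable name), not taken from any component.
UNGUARDED_SAMPLE = """<?php
// constructed sample: no guard before a variable-based include
include( $base_path . '/example.html.php' );
"""

if __name__ == "__main__":
    for name, src in (("quoted", QUOTED_EXTRACT), ("unguarded", UNGUARDED_SAMPLE)):
        for line, stmt, guarded in triage(src):
            status = "guard precedes include" if guarded else "NO guard before include"
            print(f"{name}:{line}: {status}: {stmt}")
```

A "guard precedes include" result on the reported file is a reason to verify the claim against the full source before accepting the entry.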