[VIM] vendor ack for "mambo-phphop Product Scroller Module R.F.I"
George A. Theall
theall at tenablesecurity.com
Thu Aug 24 06:47:36 EDT 2006
security curmudgeon wrote:
> so it appears this is a seperate issue completely
Probably. :-(
I did find a copy of mambo-phpShop 1.2 RC2b here:
http://82.165.28.69/mportal/uploadfiles/451/mambo-phpShop_1.2_RC2b_COMPLETE__PACKAGE.zip
[Note: not the author's site.] After installing it, I didn't see any of
the files mentioned in the original advisory, but in
administrator/components/com_phpshop/toolbar.phpshop.html.php you have
the following code (comments removed) at the start:
define( '_PSHOP_ADMIN', '1' );
if (!file_exists(
$mosConfig_absolute_path.'/administrator/components/com_phpshop/install.php'
)) {
require_once(
$mosConfig_absolute_path."/components/com_phpshop/phpshop_parser.php");
}
which appears to be what the author was addressing in his advisory on
August 21.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list