[VIM] bad report for EstateAgent?

Ferdy Riphagen f.riphagen at nsec.nl
Thu Aug 24 12:54:19 EDT 2006


security curmudgeon wrote:
> : BUGTRAQ:20060820 Mambo Component - EstateAgent Remote File Inclusion
> : URL:http://www.securityfocus.com/archive/1/archive/1/443911/100/0/threaded
>
> http://osvdb.org/blog/?p=132
>
>   
Another one (almost the same) from the osvdb blog list
http://seclists.org/bugtraq/2006/Aug/0376.html

I Could only find version 1.0 dated 22-04-2005 (version info would be nice)
http://mamboxchange.com/frs/?group_id=704&release_id=3974

Source is:

*snip*

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not 
allowed.' );

global $my, $mosConfig_live_site, $mosConfig_lang;

if 
(file_exists($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php')) 
{
    
include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php');
} else {
    
include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/english.php');
}

*snip*

-- Ferdy







More information about the VIM mailing list