[VIM] False: Joomla/Mambo Jambook v1.0 beta7 Rfi Vuln.

George A. Theall theall at tenablesecurity.com
Tue Apr 17 02:04:30 UTC 2007


Bugtraq 23509 looks false. It concerns a remote file include flaw in a 
third-party component for Mambo / Joomla called Jambook. I installed 1.0 
beta7, which crazy_king claims is affected. Here's the code in 
'components/com_jambook/jambook.php':

   if ( !defined( '_VALID_MOS' ) && !defined('_JEXEC') ) die( 'Direct Access to this location is not allowed.' );

   global $option, $Itemid;

   //Get right Language file
   if ( file_exists( "$mosConfig_absolute_path/components/$option/language/$mosConfig_lang.php" ) ) {
       include_once("$mosConfig_absolute_path/components/$option/language/$mosConfig_lang.php");
   } else {
       include_once("$mosConfig_absolute_path/components/$option/language/english.php");
   }

   // Read configuration file
   include_once("$mosConfig_absolute_path/components/$option/configuration.php");

   // Read a file containing the jxTemplate class
   require_once("$mosConfig_absolute_path/components/$option/jxtemplate.php");

   // Read frontend html classes
   require_once( $mainframe->getPath( 'front_html' ) );

   // Read database class information
   require_once( $mainframe->getPath( 'class' ) );

   // Read a file with common functions
   require_once("$mosConfig_absolute_path/components/$option/jambook.common.php");

   // Read a file with the CAPTCHA class
   require_once("$mosConfig_absolute_path/components/$option/ocr_captcha.class.php");

Clearly, this file can't be called directly, so this advisory is bogus. 
I wonder, though, why crazy_king felt the need to skip the first couple 
of similar function calls and alert us to the require_once() later on. 
Perhaps we'll be treated with similar warnings from him in the future...


George
-- 
theall at tenablesecurity.com
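An added triage helper, not part of George's message or of the Jambook code, that automates the check he performed by hand: it scans a PHP source for a `defined('_VALID_MOS')` / `defined('_JEXEC')` guard that terminates the script, then flags any `include`/`require` whose path is built from variables and is reachable before (or without) that guard. The first sample is a reflowed copy of the jambook.php excerpt quoted above; the second is a constructed counter-example with the guard removed. The regexes are a heuristic for this guard idiom only, not a general PHP parser.

```python
import re
from typing import Optional

# Sample 1: the start of jambook.php as quoted in the email, reflowed onto single lines.
JAMBOOK_EXCERPT = r"""if ( !defined( '_VALID_MOS' ) && !defined('_JEXEC') ) die( 'Direct Access to this location is not allowed.' );

global $option, $Itemid;

//Get right Language file
if ( file_exists( "$mosConfig_absolute_path/components/$option/language/$mosConfig_lang.php" ) ) {
    include_once("$mosConfig_absolute_path/components/$option/language/$mosConfig_lang.php");
} else {
    include_once("$mosConfig_absolute_path/components/$option/language/english.php");
}

// Read configuration file
include_once("$mosConfig_absolute_path/components/$option/configuration.php");
"""

# Sample 2 (constructed): the same style of include with no direct-access guard at all.
UNGUARDED_EXCERPT = r"""<?php
include_once("$mosConfig_absolute_path/components/$option/configuration.php");
"""

# The Mambo / Joomla 1.0 and Joomla 1.5 direct-access guard constants named in the email.
GUARD_RE = re.compile(r"""defined\s*\(\s*['"](_VALID_MOS|_JEXEC)['"]\s*\)""")
# The guard only protects if it actually stops execution.
TERMINATOR_RE = re.compile(r"\b(die|exit)\b")
# include/require with a quoted path argument; group 3 is the path text.
INCLUDE_RE = re.compile(
    r"""\b(include_once|require_once|include|require)\b\s*\(?\s*(["'])(.*?)\2""")


def _line_of(src: str, offset: int) -> int:
    return src.count("\n", 0, offset) + 1


def find_guard_line(src: str) -> Optional[int]:
    """1-based line of the first _VALID_MOS/_JEXEC check that dies on failure, else None."""
    for lineno, line in enumerate(src.splitlines(), start=1):
        if GUARD_RE.search(line) and TERMINATOR_RE.search(line):
            return lineno
    return None


def audit_includes(src: str) -> dict:
    """Report includes whose path interpolates variables, and which of them are
    reachable before any script-terminating guard (or with no guard at all)."""
    guard_line = find_guard_line(src)
    variable_includes = []
    unguarded = []
    for m in INCLUDE_RE.finditer(src):
        path = m.group(3)
        if "$" not in path:
            continue  # literal path: nothing in the request can change it
        lineno = _line_of(src, m.start())
        variable_includes.append((lineno, path))
        if guard_line is None or lineno < guard_line:
            unguarded.append((lineno, path))
    return {
        "guard_line": guard_line,
        "variable_includes": variable_includes,
        "unguarded_includes": unguarded,
    }


if __name__ == "__main__":
    for name, src in (("jambook.php excerpt", JAMBOOK_EXCERPT),
                      ("constructed unguarded file", UNGUARDED_EXCERPT)):
        report = audit_includes(src)
        print(f"{name}: guard on line {report['guard_line']}, "
              f"{len(report['variable_includes'])} variable include(s), "
              f"{len(report['unguarded_includes'])} reachable before the guard")
```

Run against the quoted excerpt the report shows the guard on line 1 and every variable-path include after it, which is the whole basis for calling the advisory false; the constructed file with the guard stripped is what an actual finding would have to look like before the include is worth a second look.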

