Hi, crackers_child@xxxxxxxxxxxxxxxxxxx schrieb am Fri, 18 Aug 2006 10:04:39 +0000: > >Title : Joomla x-shop <= 1.7 Remote File Include Vulnerability > >Download : http://mamboxchange.com/frs/?group_id=187&release_id=1047 > > >Bug in admin.x-shop.php > > ><? > >include($mosConfig_absolute_path.'/administrator/components/com_x-shop/ >languages/'.$mosConfig_lang.'.php'); > >session_start(); Strange thinks happens: There is not include in the admin.x-shop.php from the archive I downloaded this evening. Even stranger: There is no mosConfig_absolute_path in it, too. Same with the other files. What did you test? Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>
