Re: Joomla J! Reactions Component Remote File include Bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The entire langset.php file should be changed to:

<?php defined( '_VALID_MOS' ) or die( 'Direct access is prohibited.' );
global $mosConfig_lang;
if (file_exists("$comPath/custom/".$mosConfig_lang.".php")) {
   include("$comPath/custom/".$mosConfig_lang.".php");
} else {
   require("$comPath/custom/english.php");
} ?>

The spam expolit occurs because the original file does not test VALID_MOS. This vulnerability exists in build 1.8.1 and earlier.
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux