Joomla! Discussion Forums
Posted: Thu Jul 13, 2006 3:34 pm 
Joined: Fri Aug 19, 2005 12:51 pm
Posts: 362
Location: Argentina
Quote:
Author: Solpot

Input passed to the "path_to_calendar" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.

code from calendar.php

if(!$path_to_calendar){
$path_to_calendar = $_path_to_calendar;
}
extract($HTTP_POST_VARS);
extract($HTTP_GET_VARS);
include_once $path_to_calendar.'db.php';
function show_calendar($index_calendar='') {
global $db,$path_to_data,$settings;


Have a nice day
Gustavo

_________________
Comunidad Joomla!: Member of the Spanish [es_ES] Joomla Translation Team | http://comunidadjoomla.org

NEW! Installation manual for Joomla! 1.5.x - Joomla! 1.5.X getting started guide at http://joomlacode.org/gf/project/comunidadjoomla/frs/
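
The pattern in the quoted advisory (request variables pulled into scope with extract() just before include_once builds a path from $path_to_calendar) can be closed by fixing the base directory in code and copying only the request keys the script expects. The PHP below is an added example, not part of the original post or the component's code; calendar_resolve(), calendar_request_params() and CALENDAR_BASE are hypothetical names, and the request values are constructed.

```php
<?php
// Added example (not the component's code); function names are hypothetical.

// Base directory comes from this file's location, never from request data.
define('CALENDAR_BASE', __DIR__);

// Return the real path of $relative inside $base, or throw.
function calendar_resolve(string $relative, string $base = CALENDAR_BASE): string
{
    // Refuse stream wrappers (http://, ftp://, php://, data:) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative) || strpos($relative, "\0") !== false) {
        throw new InvalidArgumentException('rejected include path: wrapper or NUL byte');
    }
    $baseReal = realpath($base);
    $real = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($baseReal === false || $real === false) {
        throw new InvalidArgumentException('rejected include path: file does not exist');
    }
    // realpath() has collapsed ../ and symlinks; the result must still sit under the base.
    if (strpos($real, $baseReal . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException('rejected include path: outside base directory');
    }
    return $real;
}

// Replacement for extract(): copy only the request keys the script expects.
function calendar_request_params(array $request, array $allowed): array
{
    return array_intersect_key($request, array_flip($allowed));
}

// Constructed request: path_to_calendar is not on the allow-list, so it is dropped.
$request = ['index_calendar' => '3', 'path_to_calendar' => 'http://example.invalid/'];
$params  = calendar_request_params($request, ['index_calendar']);
var_dump(isset($params['path_to_calendar']));

// Constructed inputs run through the resolver; only a file under the base passes.
foreach ([basename(__FILE__), 'http://example.invalid/db.php', '../../etc/passwd'] as $candidate) {
    try {
        echo $candidate, ' -> ', calendar_resolve($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $candidate, ' -> ', $e->getMessage(), PHP_EOL;
    }
}

// In calendar.php itself the include would then read:
// include_once calendar_resolve('db.php');
```

Keeping allow_url_include set to Off in php.ini additionally stops include from fetching URLs even if a path check is missed.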