Re: Joomla J! Reactions Component Remote File include Bug
The entire langset.php file should be changed to:
<?php defined( '_VALID_MOS' ) or die( 'Direct access is prohibited.' );
global $mosConfig_lang;
if (file_exists("$comPath/custom/".$mosConfig_lang.".php")) {
include("$comPath/custom/".$mosConfig_lang.".php");
} else {
require("$comPath/custom/english.php");
} ?>
The spam expolit occurs because the original file does not test VALID_MOS. This vulnerability exists in build 1.8.1 and earlier.
討論串 (同標題文章)
完整討論串 (本文為第 2 之 3 篇):