I got forwarded an email yesterday about a vulnerability in the Joomla! component "a6MamboCredits". The vulnerability was due to three things.
- Registered Globals were turned on.
- Joomla! emulates registered globals turned on.
- The global varible "mosConfig_absolute_path" was used to include files.
So the vulnerability was from code like the following:
require_once( $GLOBALS['mosConfig_absolute_path'].
'/administrator/includes/pageNavigation.php' );
The solution and better programming would be to use either:
$absolute_path$mainframe->getCfg('absolute_path');
require_once($absolute_path. '/administrator/includes/pageNavigation.php' );
or
define( 'ABSOLUTE_PATH', dirname(__FILE__) );
require_once(ABSOLUTE_PATH. '/administrator/includes/pageNavigation.php' );
Little programming practices like this will make your components so much more secure. These vulnerabilities that keep popping up are from bad programming practices. They give Joomla! a bad name. So lets all start programming wisely.
A full security report can be found at Secunia (http://secunia.com/product/11570/).