Mambo Open Source contact.php Unauthorized Mail Relay

2003-09-19T10:53:48
ID OSVDB:7487
Type osvdb
Reporter Lifo Fifo(lifofifo20@yahoo.com)
Modified 2003-09-19T10:53:48

Description

Vulnerability Description

Mambo Open Source contains a flaw that may allow a remote attacker to relay mail. The issue is due to the contact.php script not properly authenticating a remote user. By providing custom arguments to the variables, a remote attacker can craft mail that will be sent through the remote server and appear to come from no one.

Solution Description

Upgrade to version 4.0.14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mambo Open Source contains a flaw that may allow a remote attacker to relay mail. The issue is due to the contact.php script not properly authenticating a remote user. By providing custom arguments to the variables, a remote attacker can craft mail that will be sent through the remote server and appear to come from no one.

Manual Testing Notes

http://[victim]/mambo/contact.php?op=sendmail&text=this is spam&from=none&name=Admin&email_to=lifofifo@hackingzone.org&sitename=hackingzone.org

References:

Vendor URL: http://www.mamboserver.com/ Secunia Advisory ID:9796 Related OSVDB ID: 2166 Related OSVDB ID: 7485 Related OSVDB ID: 7484 Related OSVDB ID: 7486 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0303.html ISS X-Force ID: 13240 Generic Informational URL: http://www.hackingzone.org/secviewarticle.php?id=11 Bugtraq ID: 8647