Mambo Open Server configuration.php Arbitrary File Deletion

2004-04-01T00:00:00
ID OSVDB:7520
Type osvdb
Reporter Frank Bohne
Modified 2004-04-01T00:00:00

Description

Vulnerability Description

Mambo contains a flaw that allows a remote attacker to delete arbitrary files outside of the web path. The issue is due to the 'configuration.php' script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied to the 'com_media' component (carried in the 'listdir' parameter of the request in the manual testing notes below).

Technical Description

An attacker must be logged in as administrator. This vulnerability primarily affects Mambo setups on multi-user/host environments.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Mambo contains a flaw that allows a remote attacker to delete arbitrary files outside of the web path. The issue is due to the 'configuration.php' script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied to the 'com_media' component (carried in the 'listdir' parameter of the request in the manual testing notes below).

Manual Testing Notes

http://[victim]/administrator/index2.php?option=com_media&task=delete&delFile=configuration.php&listdir=/../..
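The following is an added example, not Mambo's own code and not a vendor fix, showing the containment check a delete handler such as the com_media delete task needs before it calls unlink(). The function name safeDeletePath() is hypothetical; the site root, the media directory and the files are constructed in a temporary directory so the script runs stand-alone. It rejects the exact listdir/delFile combination from the testing note above, traversal placed in the file name, NUL bytes, and a symlink inside the media tree that resolves outside it.

```php
<?php
// Added example (not Mambo's code): a containment check for a file-deletion
// handler such as com_media's delete task. safeDeletePath() is a hypothetical
// name; the base directory and the files below are constructed for the demo.

/**
 * Resolve $listDir/$delFile under $baseDir and return the absolute path only
 * if it is a real file strictly inside $baseDir; otherwise return null.
 */
function safeDeletePath(string $baseDir, string $listDir, string $delFile): ?string
{
    // NUL bytes truncate paths in C-level file APIs; refuse them outright.
    if (strpos($listDir, "\0") !== false || strpos($delFile, "\0") !== false) {
        return null;
    }
    // The file name must be a single path component (no slashes, not "." or "..").
    if ($delFile === '' || $delFile === '.' || $delFile === '..' || basename($delFile) !== $delFile) {
        return null;
    }
    // Lexical check first: no ".." component anywhere in the subdirectory.
    foreach (preg_split('#[\\\\/]+#', $listDir) as $part) {
        if ($part === '..') {
            return null;
        }
    }
    // Final authority: resolve both paths on disk (this also follows symlinks)
    // and require the target to start with the base directory plus a separator.
    $base = realpath($baseDir);
    $target = $base === false ? false : realpath($base . '/' . $listDir . '/' . $delFile);
    if ($target === false || !is_file($target)) {
        return null;
    }
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sandbox: a fake site root with a configuration.php outside the
// media directory and one legitimate image inside it.
$root = sys_get_temp_dir() . '/mambo-demo-' . getmypid();
mkdir("$root/images/stories", 0700, true);
file_put_contents("$root/configuration.php", "<?php // site config\n");
file_put_contents("$root/images/stories/photo.jpg", 'jpeg');
// A symlink inside the media tree pointing outside it (POSIX only; skipped if unsupported).
$haveLink = @symlink("$root/configuration.php", "$root/images/stories/link.php");

$cases = [
    ['stories', 'photo.jpg'],                  // legitimate request: allowed
    ['/../..', 'configuration.php'],           // the advisory's traversal request: rejected
    ['stories', '../../configuration.php'],    // traversal in the file name: rejected
    ['stories', "photo.jpg\0.txt"],            // NUL byte: rejected
    ['stories', 'link.php'],                   // symlink escaping the base: rejected by realpath
];
foreach ($cases as [$listDir, $delFile]) {
    $resolved = safeDeletePath("$root/images", $listDir, $delFile);
    printf("%-48s => %s\n", json_encode([$listDir, $delFile]),
        $resolved === null ? 'REJECTED' : "allowed: $resolved");
}

// Clean up the sandbox.
if ($haveLink) { unlink("$root/images/stories/link.php"); }
unlink("$root/images/stories/photo.jpg");
unlink("$root/configuration.php");
rmdir("$root/images/stories"); rmdir("$root/images"); rmdir($root);
```

The lexical ".." check alone is not enough, which is why the realpath() comparison is the deciding test: a path can be free of ".." and still resolve outside the media directory through a symlink, and the check must compare against the base directory plus a separator so that a sibling directory with the same prefix (for example images-old) is not accepted. The same check applies unchanged to a web root other than the temporary one constructed here.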

References:

Vendor URL: http://www.mamboserver.com/
Vendor Specific Advisory URL: