TITLE: Mambo MambWeather Module "mosConfig absolute path" File Inclusion
SECUNIA ADVISORY ID: SA22521
VERIFY ADVISORY:CRITICAL: Highly critical
IMPACT: System access
WHERE: From remoteSOFTWARE: MambWeather 1.x (module for Mambo)
http://secunia.com/product/12390/http://secunia.com/advisories/22521/DESCRIPTION: h4ntu has discovered a vulnerability in the MambWeather module for Mambo, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "mosConfig absolute path" parameter in modules/MambWeather/Savant2/Savant2_Plugin_options.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Successful exploitation requires that "register_globals" is enabled.
The vulnerability is confirmed in version 1.8.1. Other versions may also be affected.SOLUTION: Edit the source code to ensure that input is properly verified.
Set "register_globals" to "Off".PROVIDED AND/OR DISCOVERED BY: h4ntu
http://milw0rm.com/exploits/2613
ORIGINAL ADVISORY:
Community News: Mambo MambWeather Module ''mosConfig absolute path'' File InclusionPosted on Monday, October 23, 2006 @ 18:29:24 BST in Security Vulnerabilities    ![header=[Blink it] body=[Bookmark and share this link with Blinklist]](modules/News/images/blinklist.png "header=[Blink it] body=[Bookmark and share this link with Blinklist]") ![header=[Tag on del.icio.us] body=[Bookmark and share this link with Delicious.com]](modules/News/images/delicious.png "header=[Tag on del.icio.us] body=[Bookmark and share this link with Delicious.com]") ![header=[Digg this] body=[Bookmark and share this link with Digg]](modules/News/images/digg.png "header=[Digg this] body=[Bookmark and share this link with Digg]") ![header=[Stumble this] body=[Share this link with your friends at Stumbleupon]](modules/News/images/stumbleupon.png "header=[Stumble this] body=[Share this link with your friends at Stumbleupon]") ![header=[Myspace this] body=[Share this link with your friends on Myspace]](modules/News/images/myspace.png "header=[Myspace this] body=[Share this link with your friends on Myspace]") ![header=[Reddit this] body=[Bookmark and share this link with Reddit]](modules/News/images/reddit.png "header=[Reddit this] body=[Bookmark and share this link with Reddit]") ![header=[Search Technorati] body=[Search this link with Technorati]](modules/News/images/technorati.png "header=[Search Technorati] body=[Search this link with Technorati]") ![header=[Facebook this] body=[Share this link with your friends on Facebook]](modules/News/images/facebook.png "header=[Facebook this] body=[Share this link with your friends on Facebook]") ![header=[Tweet it] body=[Share this link with your friends on Twitter]](modules/News/images/twitter.png "header=[Tweet it] body=[Share this link with your friends on Twitter]") ![header=[Ping This] body=[Post this to Png.fm]](modules/News/images/ping.png "header=[Ping This] body=[Post this to Png.fm]")  Stories Archive More about Security Vulnerabilities News by Guardian |
38.107.191.103
New Members:
Online Now:
Server Time:
