More Mambo Site Server problems

Networking/Security Forums -> Exploits // System Weaknesses

Author: ComSec PostPosted: Tue Jan 14, 2003 7:27 pm    Post subject: More Mambo Site Server problems
    ----
another follow up to the mambo server problems(see links)

http://www.security-forums.com/forum/viewtopic.php?t=2550
http://www.security-forums.com/forum/viewtopic.php?t=2611
=========================================

Mambo Site Server Remote Code Execution Vulnerability
Posted on 14 January 2003

Mambo PHP-Portal Vulnerability ( By Mindwarper :: mindwarper@hush.com :: )

<------- ------->

- ----------------------
Vendor Information:
- ----------------------

Homepage : http://www.mamboserver.com
Vendor : informed
Mailed advisory: 09/01/03
Vender Response : None yet

- ----------------------
Affected Versions:
- ----------------------

4.0.12 BETA and Prior

- ----------------------
Description:
- ----------------------



Mambo Site Server is a website portal tool written in php. A couple of vulnerabilies have been discovered including XSS and Remote Code Execution on the server with server permissions. A couple of includes and upload codes do not check for admin access or any type of restriction and allow attackers to run arbitrary code without permission. ....full details

http://www.net-security.org/vuln.php?id=2359

Author: GiroLocation: England PostPosted: Wed Jan 15, 2003 11:26 am    Post subject:
    ----
Its a joke took me 5 mins to write a script to make me super administrator, P,s Dont forget to vote in my poll Rolling Eyes

http://www.finna.net/mambo/index.php

Author: ComSec PostPosted: Wed Jan 15, 2003 6:38 pm    Post subject:
    ----
Ol Man wrote:
Its a joke took me 5 mins to write a script to make me super administrator, P,s Dont forget to vote in my poll Rolling Eyes

http://www.finna.net/mambo/index.php


nice place you got.....yeah Mambo gotta get there act together and stop avoiding real serious issues....who knows what will turn up next.

voted in your poll for security.....(important)

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Wed Jan 15, 2003 6:40 pm    Post subject:
    ----
Heh, yeh I voted too.

Author: GiroLocation: England PostPosted: Wed Jan 15, 2003 11:31 pm    Post subject:
    ----
ComSec wrote:
Ol Man wrote:
Its a joke took me 5 mins to write a script to make me super administrator, P,s Dont forget to vote in my poll Rolling Eyes

http://www.finna.net/mambo/index.php


nice place you got.....yeah Mambo gotta get there act together and stop avoiding real serious issues....who knows what will turn up next.

voted in your poll for security.....(important)


Not my site Razz

Author: ComSec PostPosted: Thu Jan 16, 2003 3:16 am    Post subject:
    ----
LOL ...gotcha Rolling Eyes

http://www.finna.net/mambo/index.php?option=displaypage&Itemid=56&op=page&SubMenu=

see how easy it is Wink



Networking/Security Forums -> Exploits // System Weaknesses


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group